HIGH-RISK INFORMATION TECHNOLOGY
PROJECTS: IS POOR MANAGEMENT 
LEADING TO BILLIONS IN WASTE? 


THURSDAY, SEPTEMBER 20, 2007 

U.S. Senate,
Subcommittee on Federal Financial Management,
Government Information, Federal Services,
and International Security,
of the Committee on Homeland Security
and Governmental Affairs,
Washington, DC.

The Subcommittee met, pursuant to notice, at 2:31 p.m., in room 
SD-342, Dirksen Senate Office Building, Hon. Thomas R. Carper, 
Chairman of the Subcommittee, presiding. 

Present: Senators Carper, Akaka, and Coburn. 

OPENING STATEMENT OF SENATOR CARPER 

Senator Carper. The Subcommittee will come to order. I want to 
welcome all of our witnesses. Thank you for joining us today and 
for our next panel as well. 

We are here today, in large part because of the interest that our 
Chairman from our last session of Congress, Senator Coburn, had 
expressed and demonstrated in the issue of IT projects. We had a 
hearing in the last Congress, and this is really a follow-up to that, 
and I thank him for his leadership and for getting us to focus on 
this. And I am sure he will have a good deal more to say, but we 
are here in no small part because of the effort that he led the last 
2 years. 

In my role as governor, we used to work on IT projects, and we 
found them in some cases very difficult to manage. They often 
turned out to be expensive. We launched those projects because we 
were trying to find ways to provide better service to the people that 
we served, represented, and we were trying to save taxpayers some 
money, and we tried to do it by harnessing information technology 
for the delivery of better service at a lower cost. 

Usually we succeeded. There were a couple of times we did not, 
and we are not very proud of those failures. So I know what it is 
like to have tried this stuff and to have been successful and not to 
have been successful. And the idea of having someone looking over 
our shoulders — in this case, the Federal Government looking over
our shoulders, not only OMB and GAO, but also us on this Subcommittee —
is, I think, a good thing. We want to exercise our oversight
in a constructive way, to always let our agencies know that
we are trying to provide better service, trying to do it in a better
way and save the taxpayers some money, to know that we want to 
make sure that they are on the ball, that they are getting the job 
done, and that they do not lose track of that. 

We appreciate our witnesses coming before us today, taking your 
time to participate in this hearing. This is the second hearing, as 
I said, of this Subcommittee on the issue of poorly planned and 
underperforming IT investments. This hearing will focus on how 
the Office of Management and Budget and Federal agencies will 
ensure the success of potentially $10, $10.5 billion of at-risk infor- 
mation technology projects. 

Investing in the Federal Government’s information technology in- 
frastructure is crucial to the efficient operation of Federal pro- 
grams and in many cases to our national security. Projects such as 
the Department of Homeland Security’s Secure Border Initiative 
technology program, or SBInet, as it is commonly referred to, is ex- 
pected to provide our border agents real-time information on at- 
tempted border crossings by illegal immigrants or by terrorists or 
by thieves. Investments such as this are too important to our Na- 
tion to be allowed to fail due to a lack of planning or a lack of man- 
agement oversight. 

But there are times when maybe we might want to cut our losses 
and end a failing project before we waste even more hard-earned 
taxpayer dollars. I know from experience it is hard to make those 
decisions, but sometimes it is a decision we must make. We owe 
it to taxpayers to pull the plug in some cases or go back to the 
drawing board when a project is continually over budget and is just 
not delivering what we had expected it to deliver. 

Last year alone, the Federal Government spent some $64 billion 
on 857 information technology investments. Spending this year will 
be just as high, I am told. The Federal Government is planning to 
invest approximately another $65 billion on some 840 IT projects. 

Managing IT investments can be a difficult process, as we know. 
Cost overruns and delays can be expected from time to time. Some- 
times a project that sounded like a good idea at one point just 
might not pan out. This makes sound oversight important, and that 
is what we are here for. 

As our witnesses are aware, the Clinger-Cohen Act requires 
OMB to report to Congress on the net program performance benefits
achieved as a result of agencies’ IT investments. OMB uses documents
provided by Federal agencies to compile two lists that identify
the most at-risk IT projects. Aptly named the “Management
Watch List” on the one hand and the “High-Risk List” on the other 
hand, these lists highlight projects that have been poorly planned 
or are underperforming. 

However, as GAO is going to testify here today, the OMB may
not be receiving the information required to properly exercise their
oversight duty. As we found out at our last hearing, much of the
documentation that agencies submit to OMB, such as the Exhibit
300s, are not properly supported or contain unreliable cost estimates.
Moreover, the high-risk list is potentially understated as
agencies are only required to report their own projects based on
OMB criteria.

This year, according to GAO, 227 IT projects totaling an estimated
$10.4 billion in expenditures for fiscal year 2008 have been
identified as being poorly planned, poorly performing, or, in some 
cases, both. Most alarming are the 33 projects totaling $4.1 billion 
identified simultaneously as both poorly planned and poorly per- 
forming, and that is just not acceptable. 

As you can see, we have got a couple of charts over here. I am 
just going to put up one of the charts.1 Figure 3 shows the breakdown
by the number of projects and billions of dollars between the
high-risk list, the Management Watch List, and the projects that 
are listed because they are both poorly planned and underper- 
forming. 

The next chart enables us to examine the high-risk list a little 
more closely, and it tells us why these projects run into trouble.2
How many do we have here? 

Senator Coburn. One hundred eighty six. 

Senator Carper. We have 186. We have about 101 running into 
trouble because of cost and schedule variance within 10 percent. 
They are not staying within that 10 percent. We have another 33 
because we do not have qualified project managers. And then there 
are about 12 more that we can attribute to avoiding duplication. 

Now, OMB, to their credit, has made improvements in identifying
and overseeing at-risk projects. Following last September’s
hearing, OMB released the Management Watch List, requiring
agencies to publish their Exhibit 300s on their website. And, further,
OMB has improved agencies’ self-identification of high-risk
projects, resulting in an increase in the number of projects on the
high-risk list. However, we need to do more, and as GAO will testify
today, questions still remain as to whether all high-risk
projects are properly identified and tracked by senior management
at both OMB and at the individual agencies themselves. Moreover,
OMB has not revealed to Congress the specific reasons why
projects are on the Management Watch List, leaving us unable to
track progress, recognize trends, or to examine underlying causes
or governmentwide issues.

I look forward to working with our witnesses today, as well, 
along with my Ranking Member, Senator Coburn, and our other 
colleagues on this Subcommittee, in order to assure that proper 
oversight is in place. The American taxpayers demand that we be 
good stewards of their money, and I know everyone in this room 
wants to see that become a reality. We have a responsibility, really, 
to ensure that IT investments are managed properly, appropriately 
at every phase of development. Again, that is what we are here to 
do, to try to ensure it happens more often than not. 

Again, I would say to Senator Coburn thanks very much for pro- 
viding the inspiration and the leadership on this issue in the last 
Congress, and I look forward to working with you on it this time 
as well. 


1 The chart submitted by Senator Carper appears in the Appendix on page 124.
2 The chart submitted by Senator Carper appears in the Appendix on page 125.

OPENING STATEMENT OF SENATOR COBURN

Senator Coburn. Thank you, Senator Carper. And welcome. You 
are familiar faces, being in front of this Subcommittee. I think it 
is important that we stay informed on what is happening. I appreciate
very much what OMB has done in terms of making information
more transparent.

I have a lot of concern. Please put up those two charts.1

I think you are moving in the right direction. I am very worried 
that we have a lot of dollars at risk because we are not moving fast 
enough and effectively enough. 

These two slides, the first thing that bothers me is we have over 
90 percent of the IT projects at the Department of Veterans Affairs 
being rebaselined. Now, that has got to be a metric that tells us 
we have got real problems with buying IT projects at the VA. What 
rebaselining is, for everybody here, is that we are going to reset, 
so we are going to hide the true cost and the failures of the pro- 
grams in terms of buying. The average is 19 percent in the govern- 
ment, and you can see all those to the left, which is about 10 or 
11 — Veterans Affairs, Department of Health and Human Services, 
Department of the Treasury, Department of Defense, Department 
of Labor, and USAID are all above 30 percent of their projects get 
rebaselined. Well, “rebaselined” is another way of saying we do not 
want everybody to know what the real cost was, or we do not want 
everybody to know that we inadequately prepared when we started 
out on this project. And so to me that is a very concerning figure. 
Anywhere in the private sector, if you had 90 percent of your 
projects needing to be rebaselined, we would fire the people who 
are responsible for the IT projects, and I would tell you probably 
if you had 30 percent in the private sector. I can understand be- 
cause there are a lot of unknowns in terms of when we contract 
that. 

Then this other slide just shows the total number of projects 
rebaselined by Department, and you can see HHS and Department 
of Transportation and Department of the Treasury have a significant
number, but the dollar amounts are not as great.2

So I am looking forward to our testimony today. I am worried 
that we are still — this is a large amount of money, $65 billion. It 
is bigger than the total GDP of 100 countries out there, and yet we 
seem to still be having some troubles managing it. 

The other thing that I have concern with is we have cost-plus 
contracting rather than contracting where here is what we want, 
you give us a bid, and you deliver, and then let’s hold you account- 
able for delivering. And I know that is an oversimplification. I 
know that does not apply in every instance, especially in defense 
and some of the other security issues. But in the private sector, 
there is not much in terms of cost-plus bidding for some of these 
IT contracts. There is a total bid, and then their feet are held to 
the fire to accomplish the goal at a fixed price. 

And so I look forward to hearing from our witnesses. I thank you
both for being here, thank you for the great work the GAO does,
and I thank you for the responsiveness that OMB has had, and I
look forward to continued responsiveness from you.

Thank you, Mr. Chairman.

1 The first chart submitted by Senator Coburn appears in the Appendix on page 126.
2 The second chart submitted by Senator Coburn appears in the Appendix on page 127.

Senator Carper. Thank you, Senator. Senator Akaka, you are
up. Thanks so much for being here.

OPENING STATEMENT OF SENATOR AKAKA 

Senator Akaka. Thank you, Mr. Chairman. I want to welcome 
our witnesses here to this hearing. 

Information technology is fundamental to the day-to-day func- 
tioning of our government, from managing benefits at the Depart- 
ment of Veterans Affairs to helping first responders at the Depart- 
ment of Homeland Security. According to the Administration’s fis- 
cal year 2008 budget request — and this was mentioned by Senator 
Coburn — about $65 billion is spent on over 6,500 IT projects gov- 
ernment-wide. This is more than the entire budget of the Depart- 
ment of Homeland Security. These massive investments must be 
carefully planned and managed to ensure the government runs ef- 
fectively and that the taxpayers’ dollars are not squandered. 

Oversight of these projects is very difficult. There are few reli- 
able measures now available to assess the performance and man- 
agement of IT investments. While the Office of Management and 
Budget maintains a high-risk list and an at-risk list, additional 
performance data on IT projects is difficult to come by. Without 
this essential information, neither OMB nor Congress can adequately
assess the value of these projects. Additional information
is also needed to fully understand the risks associated with a 
project. Agencies should not be overly risk averse, but they can 
minimize risk through better management. 

Agencies often rely on contractors to provide IT goods and serv- 
ices, making oversight even more difficult. As my Subcommittee on 
Oversight of Government Management has heard from several wit- 
nesses, contract oversight is increasingly difficult with an overbur- 
dened Federal acquisition workforce. Agencies need to commit to 
planning for their own specific IT needs rather than relying on con- 
tractors to make the decisions for them. 

There needs to be greater emphasis on utilizing off-the-shelf 
products or products already in use by the government. Testimony 
by DHS’ Chief Financial Officer at a hearing in July underscored 
this point when DHS decided to consolidate several existing finan- 
cial management systems rather than developing a new one from 
scratch. It is my hope that the Office of Management and Budget 
will take a more active leadership role in providing guidance and
assistance so that agencies avoid unwarranted or duplicative IT
projects. At the same time, OMB must not shy away from using
their budgetary authority to make course corrections or halt failing 
projects when necessary. 

I want to emphasize the critical role played by individual agency 
Chief Information Officers (CIOs), who are critical to IT planning 
and management. The Federal Government must recruit CIOs who 
have experience and expertise in the IT field in addition to strong 
management skills. Unfortunately, according to a 2004 GAO report,
retaining CIOs is a challenge. Past and current CIOs admitted
that they should be in place for at least 3 to 5 years to be effective,
though the average tenure was only 2 years. Agencies must
confront the challenge of maintaining experienced CIOs despite
fierce competition with the often more lucrative private sector.
While cutting-edge IT will always be a risky investment, costly
problems can be avoided through better management.

Again, Mr. Chairman, I want to thank you for holding this hear- 
ing and for your and Senator Coburn’s continued attention and 
dedication to this important issue. Thank you very much. 

Senator Carper. You bet, and thank you very much for your 
statement. Thanks a lot for being here and for working with us on 
this obligation. 

We have two panels. I am just going to introduce our first two 
witnesses, if I may, and we will introduce the others when we go 
to the second panel. I think we are going to have a vote that starts 
at about 2:55, and what we will do is probably — I would like to fin- 
ish the testimony from our first panel, and we will run off and vote, 
come back, and then we will do questions, and then bring the sec- 
ond panel on. But I expect we will have a couple of other interrup- 
tions later this afternoon. 

Let me start, if I could, with Karen Evans. Ms. Evans is the Ad- 
ministrator of the Office of Electronic Government and Information 
Technology at the Office of Management and Budget. In this role, 
she oversees the implementation of information technology 
throughout the Federal Government, including advising the Direc- 
tor on the performance of IT investments. Prior to becoming admin- 
istrator, Ms. Evans was the Chief Information Officer for the De- 
partment of Energy — is that right? 

Ms. Evans. Yes, sir. 

Senator Carper. As well as Vice Chair of the Federal Chief In- 
formation Officers Council. As Vice Chair, she coordinated the 
council’s efforts in developing Federal IT programs and in improv- 
ing agency information resource practices. She has a bachelor’s de- 
gree in chemistry and a master’s in business administration from 
the University of Delaware — all right, from West Virginia, West 
Virginia University. And as a native of West Virginia, the only na- 
tive-born West Virginian in the U.S. Senate, welcome, Ms. Evans. 

David Powner is Director of GAO’s Information Technology team. 
He is currently responsible for a large segment of GAO’s informa- 
tion technology work, including system development, IT investment 
management, health IT, and cyber critical infrastructure protection 
reviews. In the private sector, he has held several executive-level 
positions in the telecommunications industry. He graduated from 
the University of Denver with a degree in business administration, 
as well as Harvard University’s John F. Kennedy School of Govern- 
ment’s Senior Executive Fellows Program. 

I am going to ask you to keep your testimony close to 5 minutes. 
If you run a few minutes over, we will let that go. But, if you will, 
I am going to recognize Ms. Evans first, and when she is finished, 
Mr. Powner, we will ask you to follow right on. 

Ms. Evans, you are recognized, and the entire statements from 
both of you will be entered into the record, and we will ask you just 
to summarize. Thanks. 

TESTIMONY OF KAREN EVANS,1 ADMINISTRATOR, ELECTRONIC
GOVERNMENT AND INFORMATION TECHNOLOGY,
OFFICE OF MANAGEMENT AND BUDGET

Ms. Evans. Good afternoon, Mr. Chairman and Members of the 
Subcommittee. My remarks will focus on the Administration’s 
strategy and progress in tracking, analyzing, and evaluating the 
Federal Government’s information technology investments. 

Each quarter agencies receive a scorecard about their progress 
and status in achieving governmentwide goals under the President’s
Management Agenda. OMB analyzes information provided
on business cases when evaluating agencies’ activities pertaining to 
the Electronic Government component of the scorecard. We delib- 
erately included a criterion for “acceptable business cases” to em- 
phasize the necessity in management. It is just one of a number 
of the components agencies must satisfy to get to green (or yellow) 
for the scorecard, and the agencies’ scorecards are posted on a 
quarterly at results.gov. 

The information included about each business case ultimately 
helps OMB and the agencies ensure effectively planned IT investments
and improved portfolio management. Business cases reflecting
one or more planning weaknesses are placed on what we call
the “Management Watch List” and are targeted for follow-up. 

I would also like to describe another indicator, the high-risk list, 
which is used to analyze and evaluate actual project execution and 
performance. The objective of our analysis is to manage the risk 
each quarter associated with the execution of the planned actions 
with the IT project to ensure and achieve the intended outcomes. 
Each quarter agencies evaluate and report to us on the perform- 
ance of the high-risk projects. These projects are considered “high- 
risk,” requiring special attention from the highest levels of the 
agency management and oversight authorities due to size, com- 
plexity and/or nature of the risk of the project, but they are not 
necessarily at-risk. For example, a successfully performing project 
may still be classified high risk due to the exceptionally high costs 
and/or complexity of the project. 

Oversight authorities and agency management must have tan- 
gible data on the performance of the projects at least quarterly to 
better ensure improvement in execution and performance. Agency 
managers and oversight authorities should know within 90 days if 
a project is not performing well. It is, therefore, a collaborative ef- 
fort to manage project risk and avoid problems or to catch them 
early should they occur before the taxpayers’ dollars are wasted. 
This approach is separate and unique from what we do on the 
Management Watch List since it presents the oversight authorities 
about information in a differing focus and timing and expected re- 
sults. It is not designed to replace the pre-existing oversight and 
internal agency processes but, rather, to supplement and com- 
plement them. 

This concludes my initial remarks on our strategy and our 
progress to date in analyzing and tracking, and the results have 
been included in my written statement. I would be glad to take 
questions when it is appropriate. 


1 The prepared statement of Ms. Evans appears in the Appendix on page 43.

Senator Carper. Thanks, Ms. Evans. We can reserve your 2 minutes,
if you want.

Ms. Evans. No. That is OK. 

Senator Carper. All right. Mr. Powner, welcome. Thank you for 
joining us and for your work. 

TESTIMONY OF DAVID A. POWNER,1 DIRECTOR, INFORMATION
TECHNOLOGY MANAGEMENT ISSUES, U.S. GOVERNMENT
ACCOUNTABILITY OFFICE

Mr. Powner. Thank you. Chairman Carper, Dr. Coburn, Senator 
Akaka, we appreciate the opportunity to testify this afternoon on 
poorly planned and performing Federal IT projects. 

Last September, we testified before this Subcommittee that $10 
billion in Federal IT spending was at risk of being wasted, that this 
figure was understated, and that OMB and agencies could do more
to oversee these technology investments. The good news is that
OMB has stepped up its efforts and there is more accurate reporting
of troubled projects due to your oversight. However, we still
have tens of billions of dollars at risk, and additional efforts are 
needed to better manage these technology investments. 

This afternoon, I have three points to make: 

First, over 200 IT projects totaling more than $10 billion are still 
not appropriately planned for or managed. 

Second, OMB’s efforts have resulted in more accurate reporting 
and oversight of troubled projects. 

And, third, despite progress, the $10 billion figure is still understated,
and additional oversight is needed from both OMB and
agency CIOs.

Expanding on each of these, first, as of July of this year, nearly 
140 projects totaling $8.6 billion were on the Management Watch 
List, and nearly 125 projects totaling $6 billion were being reported 
as high-risk projects with shortfalls. Common to both lists, as your 
chart shows here,2 are more than 30 projects totaling more than $4
billion, meaning that these projects are both poorly planned and 
poorly performing. For example, DHS’ Secure Border Initiative 
project is on both lists. 

Second, OMB has initiated several efforts to improve the reporting
and oversight of troubled projects. Specifically, the number of
reported projects on the Management Watch List increased from 
last year, as did the number of high-risk projects with shortfalls. 
For example, last year when we testified before this Subcommittee, 
we reported that 70 high-risk projects totaling $2 billion had per- 
formance shortfalls at that time. We also identified several projects 
that clearly should have been included on the list and were not. 
Since then, the number of high-risk projects with performance 
shortfalls has nearly doubled, and the projects we identified are 
now included. This is due in part to OMB working with agencies
to ensure more consistent application of the high-risk criteria. In
addition, since last September, OMB publicly releases on a quarterly
basis aggregate lists of Management Watch List and high-risk
projects by agency.


1 The prepared statement of Mr. Powner appears in the Appendix on page 47.
2 The chart referred to appears in the Appendix on page 125.

Despite these positive steps, agency Inspectors General continue
to report issues with the accuracy and reliability of the Exhibit 
300s, which means the number of projects on the Management 
Watch List is still somewhat inaccurate and understated. We also 
remain skeptical whether all high-risk projects with shortfalls are 
being reported by agencies. For example, although DOD accounts 
for nearly half of the $65 billion in Federal IT expenditures, it only 
reports three projects that collectively total less than $1 million 
with having shortfalls. 

We would also like to see agency-specific and governmentwide 
root cause analysis performed on Management Watch List and 
high-risk projects. Having such information would help identify 
areas for agencies to focus on and to identify weaknesses that tran- 
scend individual agencies. Such information would help to identify 
agency-specific and governmentwide improvement areas that could 
be addressed by hiring, training, and independent review teams, to 
name a few. In addition to focusing on the root causes of these 
poorly planned and performing projects, agency, OMB, and congressional
oversight should focus immediately on the 33 projects highlighted
in my written statement that are on both lists, as well as
those projects that are repeat offenders, meaning that they have 
been on either list for extended periods of time. For example, last 
September, there were 86 projects on the 2007 Management Watch 
List; 29 of these are on the 2008 list since it was released earlier 
this year with the President’s budget. In addition, my written 
statement highlights over 20 projects that have had performance 
shortfalls for the last four quarters. 

In summary, Mr. Chairman, OMB should be commended for
shining a spotlight on these poorly planned and performing
projects. Now more needs to be done to fix them. Specifically, OMB
and agencies need to address the root causes of these management 
weaknesses and focus on those projects that have multiple issues 
or those that have a long history of planning and performance 
shortfalls. Until this is done, we continue to risk wasting billions 
of dollars on these projects and leaving gaps in mission-critical op- 
erations. 

This concludes my statement. Thank you, Mr. Chairman, for 
your continued oversight of the Federal IT budget. 

Senator Carper. Mr. Powner, thanks very much. 

I am going to ask you to talk us through each of these charts. 

Just walk us through Figure 1, please, poorly planned and poorly 
performing IT projects, from June of this year. Just explain both 
of them, if you will. 

Mr. Powner. Well, first of all, the Management Watch List, that 
is derived by a review of agencies’ Exhibit 300s, so these are poorly 
planned projects. 

Senator Carper. Talk to us a little bit about the Exhibit 300s. 
Some people have never heard of Exhibit 300s. Just what is it? 

Mr. Powner. Well, what the Exhibit 300s is, it is the business 
case for these IT investments. It is also an assurance that we have 
adequate planning from a project management point of view. There 
are several areas based on OMB’s guidance — and Ms. Evans can 
get into the details here — where we look for things like earned 
value techniques so we can track costs and schedule performance
and those types of things, effective risk management programs. 

So based on the review of these business cases, there is roughly 
136 projects totaling $8.6 billion that are poorly planned. That is 
where you get the combination of the first two boxes there, the 
Management Watch List. 

Now, the high-risk projects, as Ms. Evans clearly pointed out, 
just because it is high risk does not mean that there is an issue 
with it. What we focus on are high-risk projects with performance 
shortfalls, one of these performance shortfalls on the far right 
chart. 

So if you look at the high-risk projects with shortfalls, we rough- 
ly have $6 billion projects — that is about 125 projects totaling $6 
billion. So if you take the two lists and add them up, you get to 
about $14 billion. But since we have the overlap of $4 billion, col- 
lectively we have about $10 billion that is at risk today. 

Senator Carper. All right. Go ahead and talk to us a little bit 
about the chart on the right. 

Mr. Powner. The chart on the right, if you look at the 125 high-risk
projects with performance shortfalls, some projects report multiple
shortfalls, that is why it adds up to more than 125 on the far
right. So, clearly, the No. 1 shortfall for these high-risk projects are 
costs and schedule not within a 10-percent threshold. That is very 
common across the Federal Government, and I think the chart that 
Dr. Coburn held up that talked about the rebaselining, at times 
there are good reasons to rebaseline, but what you do not want is 
excessive rebaselining that masks overruns within 10 percent. And 
I think that is a large concern that was appropriately pointed out. 

You can see there that the second highest reported shortfall is 
where we do not have a clear baseline. Then following that are 33 
projects that are self-reporting that they do not have a qualified 
project manager. 

Now, interestingly, if you added the totals of those 33 projects, 
you come close to $1 billion worth of investment for fiscal year 
2008. That is not a good thing. We are saying that we have $1 bil- 
lion worth of investment that we do not have qualified PMs run- 
ning those projects. 

And then, finally, the last category there is duplication. In that 
case, there are a lot of e-gov initiatives where agencies have some 
of their financial management e-gov projects that they are actually 
reporting that there is current overlap with that because they have 
existing payroll systems and the HR systems and those types of 
things. But, clearly, the No. 1 issue here is the cost and schedule 
variance. 

What we would like to see is not only a breakdown like this — 
this is a good breakdown for the high risk. We would like to see 
a breakdown like this for the reasons why projects are on the Man- 
agement Watch List. We have never seen that. So we do not have 
a comparable breakdown for the Management Watch List. 

So what my written statement highlights is we would like to see 
a comparable breakdown, and then we would also like to see even 
a further breakdown where you get at the root cause analysis. Why 
do we not hit the 10-percent threshold? Well, I can tell you that 
we estimate poorly; we define requirements poorly; we have poor 
risk management; we have issues with overseeing contractors. If
we got into those root causes a bit more, then you can attack a lot 
of those root causes from a governmentwide and agency perspec- 
tive. And to Ms. Evans’ credit, her CIO Council and a number of 
efforts actually touch on a number of these improvement efforts. 
But we would like to see more follow-up from a root cause analysis 
from these lists. 

Senator Carper. Would you repeat what you were saying there 
about we do not have a comparable . . . ? 

Mr. Powner. We know that there are 136 projects 

Senator Carper. And then I am going to ask Ms. Evans to re- 
spond to that and say why do you suppose that is the case. Go 
ahead. 

Mr. Powner. We know there are 136 projects totaling $8.6 billion 
on the Management Watch List. Now, we do not know why they 
are on the list. We know it is one of 10 categories. We understand 
how OMB scores, but we do not have the specifics where we would 
have a comparable analysis like we do for the high-risk projects 
with shortfalls. 

Senator Carper. Do you think that would be helpful to have 
that? 

Mr. Powner. Absolutely. I think if you want to attempt to attack 
the root cause of the issues here, it would be nice to have that 
breakdown and then go after the primary problems. 

Senator Carper. OK. Ms. Evans, would you just make a com- 
ment or two on that, please? 

Ms. Evans. When we review the business cases, there are 10 
areas, as Mr. Powner said, that the business case is composed of 
when we look at major investments. And so in those particular 
areas, it is things like project management which then translate 
over to the high-risk list. So you actually see activities related — 
what they say they are going to do for project management, do they 
have a qualified project manager. So you actually see that going 
into the execution. 

We have not released the exact scoring of this for a couple rea- 
sons, too, because this is a planning document as the agency is jus- 
tifying the investment, going forward and talking about how they 
are going to do certain things that support the priorities going for- 
ward through the agency. So it is a supporting budget document 
at that point. That is one of the issues. 

The other thing is that there is a lot of analysis. We may not be 
as transparent with the analysis as everyone would like for us to 
be, so I will acknowledge that up front. But there is a lot of anal- 
ysis that goes onto this and that when we release it, along with the 
other activities that we use, like on the President’s Management 
Agenda, on the scorecard, we actually evaluate things like security 
and privacy. There are specific criteria associated with that. And 
so when we rank these, when we rate these, we are using other in- 
formation that complements the business case, not just what is 
said in the business case alone. 

So if you take security and privacy, when a business case comes 
in, in September, the annual cyber security report also comes in, 
in October. So what we do is we look at that information together, 
and so if an IG says that an agency has a very poorly performing 
security program, when you start looking at what is happening 
within the security overall within an agency, we look at that in 
total, and we say, OK, this particular part of this business case, 
which we have been very public about that, the whole business is 
at risk because they have a poorly performing security program. So 
we put those investments on the Management Watch List based on 
using the two pieces of information together. 

Now, it is possible — so I am really getting into some nuances 
here — that they can have some type of compensating risk for that 
particular investment which may not necessarily put it on there. So 
we use several pieces of information, and so my concern is that if 
we released a comparable piece when we are in the planning phase, 
it may not necessarily show all the analysis that goes into what we 
do with the business case as we are making recommendations 
through the budget process. So this is a planning document. 

At the end, when we release it, when the President’s budget is 
released, we keep them on the Management Watch List for specific 
things. And I think what I am hearing from everybody — so I will 
go back and relook at that — is at that time when we release those, 
you would like to know specifically why they are remaining on the 
Management Watch List, and is it something systemic like a failing 
cyber security program, or is it something particular to that par- 
ticular investment. And so I will take that back and look at that 
as a potential area for improvement for us. 

Senator Carper. All right. Good. Thanks. 

I am going to ask you to hold your fire right here, and we have 
7 minutes to go on this vote, and I am going to run and vote. We 
are going to stand in recess until Senator Coburn comes back. We 
will resume the hearing once he gets back, and he will ask some 
of his questions. And I should be back in about 10 minutes, but for 
now, let’s just stand in recess. And as we used to say in the Navy, 
“At ease.” 

[Recess.] 

Senator Coburn [presiding]. All right. We are going to try, for 
the sake of efficiency, to keep going, and Senator Carper should be 
back shortly. 

I want to spend a little time on the business case, the Exhibit 
300s. When something comes on the Management Watch List, most 
often it is because the Exhibit 300s, there is something wrong with 
them, right? 

Ms. Evans. Yes, sir. 

Senator Coburn. How is it that we have already bought a prod- 
uct when there is something wrong with the business case anal- 
ysis? 

Ms. Evans. OK. When you do a business case analysis, it de- 
pends on where you are in the lifecycle of the investment as well. 

Senator Coburn. Well, let’s talk about just when it starts. 

Ms. Evans. A brand-new one. 

Senator Coburn. A brand-new one. If we have a business case 
analysis that does not fit, that in OMB’s assessment is suspect, 
how in the world do we start down the road on a contract when 
we have a business case analysis that does not make sense in the 
first place? 

Ms. Evans. So if this is a brand-new project and we look at the 
business case and the business case is not strong enough or there 
is a weakness in it based on — because at that point it would be 
planning and then your potential acquisition strategy. So those 
would be the areas that we would highlight the most on because 
it is a brand-new type of effort. 

So if it ended up on the Management Watch List, what happens 
is that is 2 years in advance, so the Management Watch List, what 
you are doing is that is a document that is supporting the upcom- 
ing budget. So right now, they have not done anything except for 
tell us what they are planning to do. And we are saying there is 
a problem with what you are planning to do, whether it is the ac- 
quisition strategy, you have not thought of all these things. 

So we work with them all the way up to where they actually 
have to execute out on that planning document. We say, “OK, you 
have to have a remediation plan, or we want you to go back and 
look at the acquisition strategy, or it is not really strong, or what- 
ever the weakness is.” And so we work through the upcoming year 
knowing that they have got to fix and put some type of plan in or 
address it or fix their acquisition strategy going forward. 

Now, in the ideal world, what would happen is before the fiscal 
year starts, they would have addressed all those weaknesses so 
that when the money is appropriated and they start that new 
project, that all the things that we have identified from a planning 
perspective jointly have been resolved, so that they can then go for- 
ward with the proper precautions in place. 

If you step back and say, “OK, maybe they did not address some 
of the planning issues, like project management, they do not have 
a qualified project manager on there to manage it through;” then 
what will happen is we say, “OK, they have done these other activi- 
ties, they have this person set up to go into training, they have a 
remediation plan as they start to execute.” So it moves to the high- 
risk list because that is when you are actually executing out on 
that particular effort that we thought needed to have some type of 
remediation. 

Senator Coburn. But here is the thing I do not understand. If, 
in fact, everything is not solved, why would we go on and allow a 
contract to be let? 

Ms. Evans. Sometimes we do not. 

Senator Coburn. Well, I know, but sometimes you do. 

Ms. Evans. Sometimes we have to 

Senator Coburn. No, you do not have to. You could say we are 
not prepared to spend the people of this country’s money wisely so, 
therefore, we are going to hold off on your allowing to let this con- 
tract — unless it is an earmark, we are going to hold off allowing 
you to spend this money until you have your act together. 

Ms. Evans. Which I would say that OMB does use its authorities 
appropriately, especially in those types of cases, and then we also 
then, if the project has to go forward because there is a compelling 
business need, that we use the proper budget authorities, proper 
management authorities that we have, and we do not just release 
all the funds so that there is a floodgate of money and no account- 
ability. 

Senator Coburn. No, and I am not accusing you of that. 

Ms. Evans. Right. 

Senator Coburn. If something is on the high-risk list and then 
it goes to the Management Watch List, to me it says we did not 
do what we were trying to do on a high-risk list. In other words, 
the whole purpose for having the high-risk list is so that they do 
not move to the Management Watch List. And if they are moving 
from a high-risk list before we ever institute a contract to a Man- 
agement Watch List, how did we fail in that time period where we 
recognized there was a problem until we were implemented? 

If there is a business case to be made to start a program and yet 
we are going to start it without all the tools and all the manage- 
ment there, why would we go on and start it? Even though we are 
going to lose some time, why would we not get it right before we 
start it? Because we are wanting to spend the money in the budget 
that is allowed? 

Ms. Evans. No. I would say, sir, to the agencies’ credit in that 
particular case, the underlying business requirement is there be- 
cause they put it together, whether it is a brand-new program com- 
ing out or there is a business need. So they clearly have identified 
a business need, and it is a major investment because it is coming 
in on a business case. I would say a lot of times to the agencies’ 
credit, especially when we are highlighting certain areas that we 
have major concerns with, which we know the oversight commit- 
tees would also have concerns with, they do slow down several of 
these activities until there are proper gates in place. They do go 
back and relook at that and slow it down and say, “OK, we can- 
not — we are not going to spend this money right now because we 
cannot answer some of these questions, we do not have the right 
contracting vehicle in place, OK, you want us to put certain provi- 
sions into the contract, we need to go back and look at it.” 

And so the agencies in partnership with us, with, “we are OMB” 
type of approach here, but they do go back, to their credit, and go 
back and re-evaluate those, and there have been several projects 
where they have either stopped them because there was not ade- 
quate controls in place and then restarted them, or they have 
stopped the contract and redid the contract to address those con- 
cerns. 

Senator Coburn. How much is Congress to blame for bad 
projects moving forward? Have you looked at that? In other words, 
where we have directed you to do something that you are not ready 
to do because some Member of Congress says you have to do it? 

Ms. Evans. I cannot say that I have specifically done that par- 
ticular analysis. 

Senator Coburn. Has GAO looked at that? 

Mr. Powner. No, we have not. But one thing to point out, the 
high-risk list. Dr. Coburn, if you look — we have 840 projects, right? 
And so “high risk” means it is an important — it is high dollar, it 
is an important project. If we do not deliver it, there is going to 
be some 

Senator Coburn. There is going to be a cost. 

Mr. Powner. There is going to be an issue, right? 

Senator Coburn. Right. 

Mr. Powner. So of the 840 projects, we have about 440 that are 
deemed high risk, which means they are important projects. So we 
have 400 projects that agencies are saying are not that important. 
That does not make sense, does it? 

Senator Coburn. No. 

Mr. Powner. I would expect 90 percent of our 840 projects or 
more to be on the high-risk list. 

Ms. Evans. Well, OK. 

Mr. Powner. To your point about what are you instructed to do 
and that, I think, it would be worthwhile to look at those 400 
projects. Why aren’t they high risk? 

Senator Coburn. Well, I think you will probably get a letter from 
my staff requesting that of the GAO after this hearing. 

Ms. Evans. There is a nuance here, so I need to clarify some- 
thing. I feel this compelling need to clarify this. I appreciate this 
opportunity. 

When we use the 840 number, that is a major investment. So 
when you are preparing this audit to ask them to look at this, that 
does not necessarily directly equate to 840 projects. So there could 
be a lot more projects under that investment, depending on how 
they group things. I am going to give you an example. Our policy 
says for one business case, one investment, we want one Exhibit 
300 that deals with infrastructure, office automation, desktop com- 
puting. Now, when you actually look at that and what is encom- 
passed in that, we also have a policy out there that is now telling 
agencies you need to do a standard desktop configuration, you need 
to move your agency to implement Internet Protocol Version 6. 
There are other things that they are doing, like changing out their 
telephone systems, updating — those are all projects. 

So there could be potentially five to six projects associated with 
one investment, so I am actually making the argument that there 
could be more than what is being reported here, but I want to 
make sure that everybody realizes it is not a one-for-one match 
here. 

Senator Coburn. I think that is a fair statement, and we will do 
that as we look at it. But it kind of goes back as to why if we start 
a project and it is on the high-risk list, why does it stay on the 
high-risk list? Why don’t they ever get off? 

Ms. Evans. Because sometimes they should stay on there be- 
cause of the complexity of the project, or because of the oversight 
and the mission-critical nature of the project. It can be a very high- 
ly performing project, but everybody wants to make sure that it 
gets to the intended results. And so there are other projects that 
are down there that are — for example, let’s take the 25 E-Govern- 
ment initiatives. Those are very important to the Office of Manage- 
ment and Budget. Those may not necessarily have the same level 
of importance to every different part of the organization within the 
agencies. So we use our authorities to put that on the high-risk list 
to make sure that there is not duplication. 

A project could be performing very well, but because Congress 
has a particular interest in a project because it is mission critical, 
because it is doing things with homeland security, it should be on 
the high-risk list so that everyone knows what it is doing, how well 
it is performing, getting that information on a quarterly basis so 
that you know how it is performing. 

Senator Coburn. So let’s go back to the Management Watch List. 
Those are poorly planned? 

Ms. Evans. Yes. 

Senator Coburn. So let’s just use the Management Watch List. 
Why do they stay on the Management Watch List then? If they are 
poorly planned, where is the arrow that goes in and says poorly 
planned, fix it or quit it? Make it properly planned and fix it rather 
than keep it on the Management Watch List because it continues 
to be poorly planned. 

In other words, that is not an acceptable behavior anywhere in 
the private sector that you are going to allow somebody to continue 
to have a nightmare program and not go in and fix it. And we are 
not going to continue over a 5-year period to continue to say this 
is a poorly planned project. Somebody has to remedy a treatment 
or a solution for that problem. 

I am not upset with you all. I think you guys have done a great 
movement. I want to move us all the way. I think we are wasting 
$6 to $8 billion a year on IT right now, at a minimum in this coun- 
try because we do not do bid — we do cost-plus contracting. And we 
could get a lot of it done for a whole lot less if we held contractors’ 
feet to the fire and if we knew exactly what we wanted. Our prob- 
lem is that we do not know what we want, so we still offer a con- 
tract anyhow, and the system works to where it is cost-plus. And 
since we are changing what we want as we go, the VA has rebased 
over 90 percent of their projects, IT projects, which means they do 
not know what they want when they started it. They do not know 
the final result they want. 

As we move people onto the high-risk list, we move them onto 
the Management Watch List, there has to be — if they stay on the 
high-risk list, I understand that. It is something important for the 
Pentagon or Homeland Security or something that is strategic. But 
the Management Watch List is not. It is “poorly planned.” That is 
what the definition of it is. 

Ms. Evans. Right. 

Senator Coburn. And so why do they stay there? 

Ms. Evans. So when you look at that, I would ask for us to drop 
down a specific level, which when you look at all the different in- 
vestments that have been initially on the Management Watch 
List — it is a planning document, but we have done the analysis 
across the board, from the inception when we started the Manage- 
ment Watch List. Now we changed it from 2004 to 2005, and we 
called it a “Management Watch List” because there were activities, 
things you needed to look at and work with it. 

If you look at it from the time that we started that to now, and 
out of the thousands of investments that we had, there are 73 that 
have consistently been there for one reason or another, depending 
on where they are in the lifecycle. So when you look at that num- 
ber, 73 — I am not saying that is good, bad, or indifferent. We know 
exactly what it is. So then what you do is you drop down and you 
say, “OK, is it a systemic problem within the agency or is it that 
particular investment because they do not know what they want to 
do on that particular project.” And in the case of one agency, I 
know it is the two because it is duplication. And we are arguing 
with the agency saying that it is duplication in what you are doing 
and so we do not agree with this, and so we have been scaling back 
and making them move those so that they are consolidating the 
system. 

So we have had that ongoing issue to consolidate down and have 
a good plan so that they can continue on with the services that 
they are doing, but consolidating it and meeting all the other re- 
quirements. We have continued to put that on the Management 
Watch List from that perspective, and then each year we work 
through that incremental performance with them. 

Now, I will tell you that when you look through the 73 invest- 
ments that are consistently on the Management Watch List, our 
numbers, even though we have not released these, match up with 
yours. We have identified the same type of issues that you have. 
There is a systemic problem at VA. There are issues at VA about 
how IT programs are being managed, how they are doing certain 
things. And the CIO there, Bob Howard, is really aggressively moving 
out to address those overall weaknesses that you are now seeing 
through all these other indicators. 

And so we are working very closely with him because there are 
underlying issues that are causing people to question why they are 
rebaselining, why these things are happening, and it does go back 
to specific things like what problem are you trying to solve and 
how will you know that you have done it and how does this invest- 
ment or this particular IT project, how is this helping you get 
there? 

Senator Coburn. I will finish up, if we can come back in a 
minute. Is there a clearance procedure at OMB for IT programs 
throughout the government? In other words, can they initiate one 
without you all saying OK? 

Ms. Evans. That is kind of 

Senator Coburn. Well, now, that is just a yes or no answer. Can 
they initiate an IT program without OMB’s approval? 

Ms. Evans. I would say that the answer, the straight yes or no 
answer would be “yes.” I would hope that agencies, through the 
process of what we have in place, that they give us the information 
ahead of time. But we are talking about major investments, and 
when you talk about an IT project, the Exhibit 53, which is a high- 
er-level document that summarizes information, we do not get 
down into the specificity of some specific projects because we allow 
them that flexibility. 

Senator Coburn. Are you still allowing the VA some of that flexi- 
bility? And are you still allowing the Department of Health and 
Human Services that flexibility? 

Ms. Evans. No, that is a different issue on that particular one. 
So what we have in place is earned value management. There is 
a policy in place. So earned value management deals with this par- 
ticular issue. That is the actual execution. So when an agency 
starts a project, there are certain guidelines in place. You are ei- 
ther using new money, you are starting something new, or it is 
steady state. If you are using new money, you have to put this in 
place. 

And so we work very closely with these agencies, and VA in par- 
ticular is on my other list — I have another list here — from the 
earned value management, who has it in place, who has policies in 
place, who has these things in place. That is what that issue is because 
in order to really do it, you have to get an integrated baseline. 
Once you do that, the simplest way to understand it is — I plan 
these actions for this year and this is how much I think it is going 
to cost. Then I start executing out every quarter, and if I have done 
a good job planning, it is going to fall within 10 percent. If I have 
done a bad job planning, it is going to be really out there, or it may 
take an action like rebaselining. 

Senator Coburn. But if you had a fixed-price contract and you 
knew what you wanted and you competitively bid it, you would not 
have the price variance. 

Ms. Evans. You would not have a price variance, but you would 
still have a performance variance. 

Senator Coburn. Well, you may, but at least you are controlling 
the other end of it. We are not controlling the other end of it. 
Twenty percent is the average. 

Ms. Evans. Well, and we agree with you because we — that is the 
other thing that we asked the agencies right when they were start- 
ing, if they were in a new phase of the contract, or whenever a con- 
tract is coming up for renewal. All the E-Government initiatives, 
the way that we are moving those out are performance-based con- 
tracts. You pay on the level of performance. If you do not perform, 
then you do not pay. Or there are incentives for pay or there are 
disincentives for performance. 

Senator Coburn. I need to yield back, and I will yield to the 
Chairman. 

Senator Carper [presiding]. All right. Senator Akaka, you are 
recognized. Thanks for being here. 

Senator Akaka. Thank you very much, Mr. Chairman. 

Ms. Evans, I understand from your biography that you have a lot 
of experience in government. First, let me thank you for that serv- 
ice. As you may know, I am a strong advocate of choosing govern- 
ment service as a career, and I am glad you have chosen that path. 
I hope that your service will help us find a better way to deal with 
the problems that we have now. So when you hear reports like $65 
billion is being spent for 6,500 IT projects, it is difficult to under- 
stand how much investment is put in, and immediately the ques- 
tion becomes: How do we keep this in check? Is it working right? 
And this is our problem, and we are trying to find answers to do 
that. 

From your long service, I am sure that you understand better 
than most how government agencies often resist change, especially 
in processes that have been in place for years. This is often re- 
flected in the unique technology solutions adopted at many agen- 
cies, and what I am referring to is that many agencies do create 
their kinds of systems. 

In the area of information technology, should agencies be doing 
more to adopt private sector best practices so that they can use 
more off-the-shelf technology? 

Ms. Evans. So the simple answer is yes, and when we go forward 
on that — but I do think that there are a lot of things that we do 
within the Federal Government that the private sector does not 
have to do, especially statutory types of requirements and data 
assurance and information security types of requirements that 
Federal CIOs need to do and are statutorily required to do. 

So I think a lot of times when you start looking at best practices, 
there are actually some really good best practices within the Fed- 
eral Government, and we need to make sure — that is what the CIO 
Council does, to make sure that they are shared across the govern- 
ment so that all of us can learn from one another. 

Senator Akaka. Mr. Powner, in 2004, GAO released a report on 
agency CIOs that found that there is high turnover, as I mentioned 
in my opening statement, with an average tenure of about 2 years. 
Can you give me your thoughts on what, if anything, the Federal 
Government can do to compete with the lucrative private sector for 
the best talent and then keep that talent in the government? 

Mr. Powner. There are several things that you can do. First of 
all, it is very difficult to compete because the salaries are com- 
parable in the Federal Government, first of all. And you are right 
that turnover is very high. On average, it is 2 years. If you look 
at political appointees, it is less than 2 years; career CIOs, slightly 
higher. 

One of the things you can do — and there are some agencies that 
have done a very good job looking at critical position pay authority, 
where you can actually pay up to the salary of the Vice President 
through critical position pay. IRS is a good example. IRS sought a 
number of those critical position pay authorities, and a lot of those 
are within their IT organization. They were able to attract some 
very talented folks. In IRS we always hear a mixed bag about 
whether they are doing well or not, but they have had some suc- 
cesses in recent years, and that is due to the critical position pay. 
So that is one area that you can look at. 

The other thing that is very important when you have this con- 
tinuity that is always at issue is the Deputy CIO position. Some 
agencies have been very effective, especially when you have polit- 
ical appointees, having a career deputy, that kind of keeps some 
continuity over time there. So that is also something that is very 
key. 

Senator Akaka. Ms. Evans, can you give me your thoughts on 
that same question? 

Ms. Evans. OK, so I am probably the exception to the rule since 
I am now a political appointee, and I am going on my fifth budget 
season. So I am past the 18-month piece here in both tenure. 

So it is hard for me as a career public civil servant to say that 
there is competition out in the private industry. To me, these jobs 
are very rewarding, and so there are reasons why you are attracted 
to public service. And these jobs, especially the CIO jobs, are very 
exciting because you are right on the cutting edge and you see ev- 
erything, and so you have the opportunity to really make a dif- 
ference. You see how things are, and you see how things can be. 
And so I think it is important for us to attract the right folks in 
here. 

Now, on a more granular level, what happens is we are required 
through the Clinger-Cohen Act to actually do a workforce assess- 
ment. We do one every 2 years. So the CIO Council actively takes 
this on. We have identified where our skill gaps are. We have iden- 
tified what our personnel gaps are, how many people we have on 
board in those positions, and we are actively doing things to ensure 
that we can retain them through activities like pay. We are doing 
other activities along the lines to ensure that they are properly 
trained. We have put out guidance dealing with project manage- 
ment. That is a particular skill gap that we have identified that we 
have to have and recruit and retrain. 

The CIO Council has actively gone out and has programs in the 
high schools as well as the colleges to attract IT professionals into 
our area. We work very closely with several programs that the 
agencies have in cyber security, which is another area so that we 
can then do direct hires and bring them into our workforce. 

I do think that there are a lot of things that we need to talk 
about as far as leadership and continuity of that leadership, and 
there is a lot to be said about how there is the political CIO as well 
as the career deputy. But I will tell you, if you look at the agencies 
going across the board, the leadership that is in the agencies now 
look at the CIO as a critical function and now whether it is polit- 
ical or career. They look at it as what are the skill sets that we 
need, what are we going to accomplish, and who is the right person 
for that job. And I actively work with each and every department 
to ensure that we get the right person into those positions as they 
leave. 

I am very passionate about my service, and I feel that we have 
a wonderful opportunity here in the Federal Government to make 
a difference. So I think that it is attractive enough and that there 
are other things that attract us into this. And so I think everybody 
does want to do a good job when it is all said and done at the end. 

Senator Akaka. I understand that part of the problem that we 
are facing today in trying to resolve these problems is that GAO 
is having some difficulty in tracking problem projects. And the 
reason that I see as stated here is that OMB does not list why specific 
projects are on the Management Watch List. 

Is that correct? And if so, what can we do to correct or improve 
that? 

Ms. Evans. So that is correct. We do not list the specific reasons 
when we release the list that is out there for the Management 
Watch List. We have really looked at that — we were discussing it 
a little bit during the break — because we look at the Management 
Watch List as a planning document, and what is really more im- 
portant is how agencies are actually executing, which is all the in- 
formation associated with the high-risk list because that is boots on 
the ground, what are they doing, how are they performing, and you 
can get that information on a quarterly basis. 

The Management Watch List in our view is a planning document 
that an agency is doing 2 years in advance, and so what we really 
want them to be focused on is execution and getting the things 
done. 

So this was my concern initially — but 100 percent transparency 
is giving us consistency here — that we get very focused on the list 
and not really focused on the results. And so that is why we put 
a lot of effort on the high-risk list. But I hear the concern, and so 
I will go back and see what we can do about when we release the 
President’s budget and the list and the information about having 
more transparency into that process.

Senator Akaka. And our concern, too, is that the Clinger-Cohen
Act requires you to establish the process, analyze, track, and evalu- 
ate the risk, and also analyze the results of the major capital in- 
vestments that are made, and my question was to see that is car- 
ried out. 

Actually, we have heard from GAO that they are having dif- 
ficulty along this line, and I hope we can find a way of improving 
that. Thank you very much, Mr. Chairman. 

Senator Carper. Thank you, Senator Akaka.

Let me go back to this chart over here for just a moment, if we 
could, and, again, we are looking at the number and type of high- 
risk with shortfalls, and the third column over says 33 of them fall 
into the category of a lack of a qualified project manager. I think 
Mr. Powner said that the number — if you quantify the dollar value 
of the projects, is about $1 billion. And we are talking a little bit 
in here about how to attract and retain qualified folks to work in 
these jobs when you are trying to compete with the private sector 
where they can make a lot more money. 

I just want to ask about the issue of a qualified project manager, 
any idea why, Ms. Evans? Is it because we are unable to attract 
and retain folks, because there is a turnover, the churn in the man- 
agers that are managing these kinds of projects? What is the deal? 

Ms. Evans. There are a couple of issues associated with that 
which we have looked at, and so we have the specific information 
by agency going across about how many project managers they ac- 
tually have on board and how they are training them and closing 
the gaps. 

Initially, what we have is we have more projects than we do 
qualified project managers right now. So that is the initial gap that 
we have identified, and that is what you are seeing right there. 
That is the validation of that. And so what we are doing is CIOs 
then are either compensating for and closing that gap in other 
ways — they put a person in there and then train the person as they 
are going along with the project. And so that is why they will show 
up that way. If it is a project that is a high-level project that needs 
the highest-level project manager, yet they only have one who is 
certified at a secondary level, they will put that person in there, 
but then they will concurrently train them as they go forward. 

So it is a gap, and it is a combination of several things: Recruit, 
retrain, the churn as people leave, and then the volume of the 
projects. So we are constantly focused on trying to close that gap. 

Senator Carper. Is it being closed? Is it steady? Is it going up? 
Is it going down in terms of — that number last year, was it 30 or 
25? Or was it higher? 

Ms. Evans. To be really honest, right now the methodology that 
we are using does not give me accurate enough data to be able to 
answer that question going forward. We are really looking through 
those numbers so that I can consistently answer, have I system- 
ically addressed what that issue is. I know what the numbers are 
by a quarterly basis of what is happening, but when I start looking 
at those in conjunction with OPM through the scorecard, some of
it I think I need to strengthen the process jointly with OPM so that
I have more validity in the numbers. 



Senator Carper. Think about that question and respond in writ- 
ing and see if you cannot give a little more insight. 

Another question or two, if I can, and I think Senator Coburn 
has maybe another one or two. We will see if Senator Akaka has 
another one, and then we will go to our second panel. My goal is 
to try to wrap it up here around 4:30. I need to leave by then. So 
we are going to try to — pardon? No, it is not my train. It is a meet- 
ing with our leader. And I do not want to get on his bad list. 

Senator Coburn. It’s fun. 

Senator Carper. How would you know? [Laughter.] 

All right. For OMB, one question. When overseeing multiple
projects by dozens of agencies, it is important to recognize trends 
and create solutions before a problem becomes widespread. I think 
we all agree with that. I noticed that some agencies were able to 
decrease the number of projects on the Management Watch List 
fairly drastically. Others sort of continue to have difficulty effec- 
tively managing their investments. 

What is OMB doing to highlight trends and examine the root
cause of governmentwide problems in planning and implementing 
IT projects? 

Ms. Evans. So we do the analysis and look at the business cases 
across the board so that we can identify whether agencies are hav- 
ing a hard time really saying what the outcome is, so performance- 
based and a good way of measuring that. 

We look across the board to see if there are problems with the 
acquisition strategies and how those things — I think that has been 
highlighted. You are aware of those issues just like we are aware 
of those issues. 

So if we identify things that are specific to the workforce, like we 
were previously talking about, we will go back through the CIO 
Council and work those problems jointly with the CIO Council and 
go through and get suggestions, recommendations about how to 
deal with that. Is there a policy that needs to be done in a par- 
ticular area, or is it really execution? And is it realignment of re- 
sources, those types of things? 

So we try to see if there is broad-based types of issues going 
across, and if they are, we jointly work that with the CIO Council. 

If it is agency-specific — and in a lot of cases, it is — I work very 
closely with the budget side of the house as well as the agency 
itself, and so there are several agencies that I meet with on a 
monthly basis so that we can make sure that we are addressing 
what those overall issues are, whether they are management 
issues, it could be leadership, it could be something at the higher 
level that they do not necessarily get all the visibility that they 
need to in some of the projects. 

We do dive down vertically, and we do look across horizontally 
at those problems, and we try to highlight those when we do the 
chapter in the budget so that everyone knows what type of analysis 
we have done as we are required by Clinger-Cohen. And then the 
types of actions that we intend to take, whether it is OMB-specific 
or CIO Council types of actions. 

Senator Carper. Thanks very much. Dr. Coburn. 

Senator Coburn. Great. Thank you.

I guess one of the things I would like for you to answer back,
after you have had a chance to think about it, is you have a tough 
job. I mean, this is a lot of stuff, a lot of important stuff. I would 
like for you to answer back: How do we help you? How does this 
Subcommittee help you? In other words, if there are areas where 
there needs to be oversight in specific areas, we ought to be doing 
that. We ought to be looking at it. Every now and then heat brings 
forth light, and it would be nice if we could know where we can 
actually help. Rather than just have a hearing to talk with you 
about it and ask GAO to look at it, are there specific agencies that 
ought to be before us that have failed to respond and failed to go 
up? 

I would just note, we have one in five projects that get 
rebaselined in this country. One in five. I would just tell you there 
is not anywhere else out in the private sector where they would tol- 
erate that. We have one in six without a project manager — without 
an appropriate project manager. And so we continue to go forward 
with a project even though we are required by law to have a project 
manager there that is qualified, but we go forward and do it. And 
there may be some thought as to maybe we should not do the 
project until we have the qualified project manager there because 
even though we may be more timely in our response, the cost and 
the effort and the end product may not be near as well as had we 
waited a year until we got a qualified project manager. So I would 
just like for you to think about that. 

Mr. Powner, I would like for you to just talk with me, and if you 
do not know the answer, it is fine. What percentage of our IT con- 
tracts are cost-plus versus fixed-price? 

Mr. Powner. I do not have the specific numbers on that, Dr.
Coburn. I would tell you that there are very few fixed-price
contracts.

Senator Coburn. Is there a systemic reason why there is not 
fixed-price contracts? 

Mr. Powner. The reason is primarily because there is uncer- 
tainty with what is to be delivered and that type of thing. So the 
more we can define up front through solid requirements that are 
validated, that all helps. 

Senator Coburn. In other words, better planning, knowing what 
you want. 

Mr. Powner. Correct. 

Senator Coburn. And what your end result is to be? 

Mr. Powner. Correct. 

Senator Coburn. So the fact that we do not have that indicates 
that really our planning may be worse than what we think it is. 

Mr. Powner. I think the planning is pretty poor. If you look at 
the Management Watch List, we are saying that 40 percent of our 
projects are poorly planned, and we contend that is understated. 
OK? Because the Exhibit 300s are still — there are still games that 
are played with the Exhibit 300s. 

Senator Coburn. Are the games played because so many of the 
Exhibit 300s forms are actually filled out by the contractors them- 
selves? 

Mr. Powner. Well, I think it is just the nature of your business 
case. I mean, it is not just in the government, but in the private
sector, too, you do everything you can to stretch your business case
to make sure you get the funding. But the contractors are writing 
a lot of those Exhibit 300s. That is how the process is played out, 
correct. 

Senator Coburn. All right. I will submit additional questions for 
the record. 

Senator Carper. As will I. 

Senator Coburn. Thank you both. 

Senator Carper. OK. Senator Akaka, another question? 

Senator Akaka. Yes, Mr. Chairman, I have some questions here, 
but let me ask one of them in the second round. 

Senator Carper. Please, go ahead. 

Senator Akaka. Ms. Evans, I am concerned that having both 
what they call an at-risk list and a high-risk list unnecessarily di- 
vides up the projects that are or may become problematic. These 
IT programs should be measured across several dimensions. For ex- 
ample, some projects may be inherently risky due to size but are 
executed well, while others may have been planned well but have 
poor outcomes. I am sure you have seen cases of both. 

Why wouldn’t OMB combine all of these projects and assess them
across the same dimensions much like OMB does with the
Performance Assessment Rating Tool?

Ms. Evans. So we view that the IT investments complement the 
Program Assessment Rating Tool (PART), and we do evaluate the 
IT investments in alignment with those, so there is a performance 
piece. The business case, though, has to clearly talk about how it 
aligns with program outcomes. And we do ask them about the 
PART and the process. We used to track it until all programs had 
gone through the assessment, and now agencies have to clearly 
show that alignment, whether they are meeting the efficiency 
measures in the improvement plan or they are actually dealing 
with the measures on performance. 

So we do that linkage. 

There is a difference — and we can go back and look at this, but 
there is a difference in time, and I think the way that the PART 
is structured is when they first look at it, that is how we have the 
Management Watch List. That is the business case, that is the Ex- 
hibit 300s, because of the cost that you are asking for in the budget 
process. It is a budget document. 

There is an improvement plan on the PART as the agency goes 
forward, and then they measure against the improvement plan. 
That is the same as our high-risk list. In our high-risk list, each 
one of those has a plan underneath it, and then we manage that 
on a quarterly basis looking to see how well they are executing 
against that plan. 

Now, it may not be as smooth, so we can take a look at it, but 
we have these two dimensions in time of how we are looking at it, 
and that is why we have separated it. But we do continuously ana- 
lyze it, and then we also then align it. So I hope that has helped 
in the answer going forward, but we can take a look and see if we 
can better articulate how we do the analysis with these two docu- 
ments to show that we are doing it on a continuum basis. 

Senator Akaka. Mr. Chairman, because I have another hearing 
to attend, let me conclude with this one question.

Ms. Evans, OMB has put considerable effort into producing these
risk lists, though, as we have said, we would appreciate it if more
detailed information were available publicly. OMB has considerable
power to influence how agencies spend the dollars that they have 
been budgeted. 

If OMB concludes that an individual IT program is having problems
or is failing, could it and should it use budgetary means to
try to correct or end it? 

Ms. Evans. Yes. 

Senator Akaka. Thank you. Thank you, Mr. Chairman. 

Senator Carper. Was that the answer you were looking for? 

Senator Akaka. Yes. 

Senator Carper. All right. We will wrap up this panel with that 
response. I just want to thank you both for being back here and 
for the time you spent preparing for the testimony today and for 
your focus on these issues. 

Dr. Coburn a year or two ago put his finger on an important 
issue, and I certainly agree that it is important. He asked a real 
good question here today — several of them, but one of them was 
how can we be of further help? And I just think it is helpful when 
you put a spotlight on an issue that needs to be — an itch that 
needs to be scratched, and this is one that needs to be scratched. 
And to the extent that we can be constructive — and that is what 
we want to be — we look to you for some guidance on that front. 

In the meantime, stay vigilant, remain vigilant, and we will look 
forward to having the opportunity to continue this conversation 
further down the line. Thank you very much. 

With that, we would like to invite our second panel to come for- 
ward, please. Barry West, we are going to start off with you. I am 
going to just make a very short introduction here. Full introduc- 
tions will be in the record, but this is just the highlights. 

Mr. West joins us as Chief Information Officer at the Depart- 
ment of Commerce. Mr. West was formerly the Chief Information 
Officer and Director of the IT Services Division for the Department 
of Homeland Security and FEMA, as well as the CIO at the Na- 
tional Weather Service. He serves in a number of key associations 
and councils advising on information technology issues. 

Daniel Mintz currently serves as the Chief Information Officer
for the Department of Transportation. His previous experience was 
with Sun Microsystems where, for 10 years, he worked on imple- 
menting large government and commercial programs. Before that 
he served as a member of the State of Maryland Advisory Panel 
on Electronic Commerce, providing advice on enabling online com- 
merce in his State, my neighboring State to the west. 

Next we have Michael Duffy, who just last week was appointed 
as the Deputy Assistant Secretary for Information Systems and 
Chief Information Officer at the Department of the Treasury. Good 
for you. He joins Treasury after serving at the Department of Jus- 
tice where he served as the Deputy Chief Information Officer. 

Next, Scott Charbo. Mr. Charbo is the Department of Homeland 
Security’s Chief Information Officer. He has previous experience as 
CIO for the Department of Agriculture and as President of a company
called mPowerS, Incorporated. Welcome.

And, last, Paul Brinkley, who is the Deputy Under Secretary of
Defense for Business Transformation at the Department of De- 
fense. Mr. Brinkley leads the business modernization for the De- 
partment of Defense, and prior to assuming his current role, he 
served as Senior Vice President of Customer Advocacy and Chief 
Information Officer for JDS Uniphase Corporation. 

We welcome you all. Your entire testimony will be made part of
the record, and we will recognize you in the order that you have 
been introduced. If we have time for questions at the end, we will 
do that. If not, we will submit questions and ask you to respond 
for the record. I need to leave here about 4:25. 

Mr. West, you are recognized. Thank you again for coming. 

TESTIMONY OF BARRY C. WEST,¹ CHIEF INFORMATION
OFFICER, U.S. DEPARTMENT OF COMMERCE 

Mr. West. Chairman Carper, Ranking Member Coburn, Senator 
Akaka, I appreciate the opportunity to address you on the Depart- 
ment of Commerce’s inclusion on the Office of Management and 
Budget’s High-Risk List and Management Watch Lists. 

Commerce has 12 information technology investments on the 
OMB High-Risk List. Of these, eight represent Commerce’s participation
in OMB’s E-Government Initiatives or Lines of Business
with a migration component or where Commerce is a shared serv- 
ice provider. 

The OMB High-Risk List. These investments were designated by
OMB as high risk and include E-Travel, E-Rulemaking,
E-Authentication, and the Financial Management Line of Business. The
other four were nominated by Commerce because they meet two of
OMB’s four high-risk criteria. The four investments nominated by
Commerce include three components of the upcoming 2010
Decennial Census. They are the Field Data Collection Automation,
FDCA; the Decennial Response Integration System, also known as
DRIS; and the Master Address File and Topologically Integrated
Geographic Encoding and Referencing system, also known as
MAF/TIGER. The fourth is the Ground System of the National
Polar-orbiting Operational Environmental Satellite System, also known as
NPOESS. All meet OMB’s evaluation criteria, that is, they have a 
baseline with clear goals, are within 10 percent of cost and sched- 
ule targets, have a qualified project manager, and avoid duplication 
with OMB’s E-Government efforts. 

OMB Management Watch List. Of Commerce’s 65 major IT investments
submitted to OMB in the fiscal year 2008 budget, OMB
placed 49 on its Management Watch List. All have been remediated 
and are no longer on the Management Watch List. Of the 49, 29 
were taken off the list by December 2006, leaving 20 on the list. 
All but one were removed by March 2007; the last was removed in 
June 2007. To ensure that Commerce’s senior management under- 
stood the importance of the Management Watch List and actively 
supported corrective actions, I briefed the Executive Management 
Team, which is Commerce’s most senior executives, providing a status
update routinely. During my weekly update to the Deputy Secretary,
the most critical IT issues, including the Management
Watch List updates were given, status briefed, and overall progress
was tracked. Corrective actions included completing additional
documentation necessary to demonstrate adequate planning and
investment control, largely in the areas of security and privacy.
Office of the CIO staff worked diligently with the operating units to
research and develop additional explanatory material and to ensure
that responses were consistent across the business cases.

¹ The prepared statement of Mr. West appears in the Appendix on page 81.

Commerce attributes its success to the strength of its informa- 
tion technology capital planning and investment control process — 
this is also known as CPIC — and to its commitment to improve IT 
security. 

Capital Planning and Investment Control. Commerce’s CPIC 
process is built on a foundation of strategic and operational IT 
planning that is integrated with processes for the selection, control, 
and evaluation of IT investments. 

The process begins with a request from my office to the operating 
units to develop a strategic IT plan within the context of maturing 
their capital planning and investment control processes. Strategic 
IT plans provide a framework for discussion and an opportunity for 
operating units to focus on the strategic use of IT resources to im- 
prove program delivery. 

The Commerce IT Review Board advises the Secretary and the 
Deputy Secretary on critical IT matters, ensuring that proposed in- 
vestments contribute to the Secretary’s strategic vision and mission 
requirements and provide the highest return on the investment or 
acceptable project risk. 

As part of its charter, the Commerce IT Review Board makes rec- 
ommendations for continuation or termination of projects under de- 
velopment at key milestones or when they fail to meet perform- 
ance, cost, or schedule criteria. 

Project Management. Commerce recognizes the importance of ef- 
fective project management to the success of IT investments. We 
have established a central source for project management expertise,
advice, and guidance which focuses on four strategic initiatives.
They are the establishment of standards and guidelines;
providing project management services and support; providing
Department of Commerce program and project managers with technical
assistance; and mentoring, training, and guiding project teams. 

In conclusion, since information technology expenditures con- 
stitute such a large portion of the Commerce annual budget, which 
is about 20 percent, or $1.7 billion, it is imperative that special 
management attention be given to the Department’s proposed and 
continuing IT investments. This is done through the capital plan- 
ning and investment control process, which continues to be 
strengthened to provide broader and deeper analysis of proposed 
new IT investments, projects under development, and projects that 
have completed deployment, as well as the overall performance of 
the portfolio. Where the cost, schedule, or performance goals of IT 
investments are not yet being fully achieved, the processes in place 
have detected the problems and directed corrective action. 

Again, I thank you for the opportunity to appear before you, and 
I look forward to answering any questions that you may have. 

Senator Carper. Mr. West, thank you for that so much. I am 
going to now recognize Mr. Mintz for his comments. Thank you.

TESTIMONY OF DANIEL G. MINTZ,¹ CHIEF INFORMATION
OFFICER, U.S. DEPARTMENT OF TRANSPORTATION 

Mr. Mintz. Chairman Carper, Ranking Member Coburn, other 
Members of the Subcommittee, thank you for the opportunity to ap- 
pear before you today to discuss issues relating to the Department 
of Transportation’s information technology programs. My name is 
Dan Mintz; I have been the Chief Information Officer for the De- 
partment of Transportation since May 1, 2006. In that capacity, my 
responsibilities include serving as the Vice Chair of the Depart- 
ment’s Investment Review Board, which oversees all major IT in- 
vestments for the Department. 

I came to the government from Sun Microsystems. During my 
years at Sun, I managed IT programs similar in magnitude to 
those being discussed here today and understand the need for sen- 
ior management review and oversight, ensuring that all risks are 
properly mitigated. Many of the lessons learned during my time at 
Sun have helped me to more fully appreciate the issues facing de- 
partmental IT program managers and what we, as a Department, 
need to accomplish. 

My written testimony provides specifics about three IT investments
that are included on the OMB Management Watch List and
the OMB High-Risk List, and one of our projects designated by
GAO as high risk. I would like to briefly mention here my five ini- 
tiatives based on the lessons learned from those projects that we 
strongly believe will both improve ongoing program management 
and the way we are more effectively meeting mission needs overall. 

First, we are in the process of establishing a Department-wide 
program management organization. This organization will estab- 
lish systematic processes and requirements to enable a more con- 
sistent approach to program management throughout the Depart- 
ment. 

Second, we will continue to ensure that those programs identified 
as high risk and high priority are reviewed by senior managers as 
well as the Investment Review Board when cost and schedule 
variances exceed the threshold of 10 percent. 

Third, I am implementing a plan to effectively address both tech- 
nical and functional performance. We will be creating performance 
milestones developed with more precise indicators tracking pro- 
gram success. 

Fourth, we are addressing the issue of Earned Value Manage- 
ment, mentioned earlier in the first panel. This early-warning 
mechanism will further assist program managers in addressing 
risks. 

And, finally, this year we developed an improved ranking of in- 
vestments across the Department to better determine the “health 
of our investments” which we plan to update on a quarterly basis. 

In conclusion, significant progress has been made and is con- 
tinuing to be made to fully leverage information technology to meet 
the Department’s mission. Significant challenges remain, including 
the need to continue to improve our program management skills, 
manage project risks and monitor program performance so that 
management can quickly and effectively mitigate issues before a
project becomes a troubled investment. Our experience is that
when we develop transparent processes, collaborate with senior
business owners and budget officials, and follow a consistent and
robust project approach, we are able to keep most of the IT investments
off the Management Watch List or have them quickly removed.
When we do not accomplish one or more of those goals, the
results are far less positive.

¹ The prepared statement of Mr. Mintz appears in the Appendix on page 97.

Because of the importance of many of the transportation pro- 
grams to the Nation’s economic well-being, we receive attention 
from many sources of oversight. Over the years we have learned to 
maximize the value of their input, however challenging their opin- 
ion may be. Again, I thank you for the opportunity to appear before 
the Subcommittee today, and I look forward to answering any ques- 
tions that you may have. 

Senator Carper. Mr. Mintz, thanks. We thank you for your testi- 
mony. Mr. Duffy, you are recognized. 

TESTIMONY OF MICHAEL D. DUFFY,¹ DEPUTY ASSISTANT SECRETARY
FOR INFORMATION SYSTEMS AND CHIEF INFORMATION
OFFICER, U.S. DEPARTMENT OF THE TREASURY

Mr. Duffy. Mr. Chairman, Dr. Coburn, I appreciate the oppor- 
tunity to appear before you to discuss the management of informa- 
tion technology investments. Like the other Federal agencies rep- 
resented here today, the Department of the Treasury is diligently 
working to improve the management of its IT, especially those investments
considered to be high risk. The Department has experienced
its share of IT challenges. In response, Secretary Henry
Paulson made IT management one of his top priorities when he 
took over the Department this past year. As a new member of the 
Secretary’s management team, I am fully committed to improving 
our ability to effectively manage our IT investments to ensure busi- 
ness value from those investments. 

Treasury has an IT portfolio that totals roughly $3 billion — about 
25 percent of the Department’s budget. Of the total, $2.4 billion 
funds 63 major investments; the remaining $560 million supports 
222 “non-major” investments. 

The Department and its bureaus rely significantly on informa- 
tion technology to carry out its extensive and varied mission. Our 
largest investments are, of course, at the Internal Revenue Service, 
who uses IT to administer the tax programs. The Department, 
however, also uses IT to support other critical purposes, such as 
analyzing financial intelligence information to combat terrorism. 

Given the importance of Treasury’s IT investments, the Govern- 
ment Accountability Office reviewed and issued a report on Treas- 
ury’s IT management. The July 2007 GAO report found that Treas- 
ury has established many of the capabilities needed to select, con- 
trol, and evaluate its IT investments. However, GAO also found 
several very significant weaknesses. 

Due to these findings, GAO identified the need for Treasury to 
implement an executive-level review board to oversee IT investments
throughout the entire lifecycle of the projects. GAO also recommended
that Treasury implement a more comprehensive process
by which to manage all IT investments, irrespective of size, scope,
or dollar value. 

The Department concurred with the GAO recommendations and 
began to immediately address the issues raised. I strongly support 
these steps, and I believe this is a clear indication of the commit- 
ment of the Department’s leadership to rapidly and comprehen- 
sively improve Treasury’s management of IT. 

As the new CIO, I have taken particular interest in GAO’s find- 
ings and recommendations. I believe regular engagement of our De- 
partment and bureau executives and the continuous attention to 
the progress of IT investments are integral to our Department’s 
successful planning, implementation, and use of IT. 

In the coming months, the Department intends to take several 
key steps. Foremost, we will revitalize an Executive Investment 
Review Board. We will do that in the first quarter of this upcoming 
fiscal year. Doing so will bring greater executive involvement and 
accountability into Treasury’s management of IT and will further 
ensure IT portfolio decisions are driven by our business require- 
ments and strategies. We also intend to better leverage existing 
management tools and processes that can be used to improve in- 
vestment management capabilities. 

Notwithstanding the planned changes, I note that the Depart- 
ment has already taken some steps. To ensure that all IT invest- 
ments receive comprehensive oversight, the Department began im- 
plementing process changes this past summer to ensure that all of 
our “non-major” investments go through a formal select and control 
process. 

In summary, the Department has made strides in the past year 
to improve the management and performance of its IT resources. 
Work does remain to be done. However, these efforts and the ac- 
tions we have planned to engage executive stakeholders will result 
in effective IT management at the Department of the Treasury, 
and in so doing, Treasury IT programs will provide value-added
services to the bureaus and offices performing the Treasury mis- 
sions. 

Thank you again for the opportunity to participate on this panel. 
I would be happy to answer any questions. 

Senator Carper. Thank you, Mr. Duffy. Mr. Charbo, you are rec- 
ognized. 

TESTIMONY OF SCOTT CHARBO,¹ CHIEF INFORMATION
OFFICER, U.S. DEPARTMENT OF HOMELAND SECURITY 

Mr. Charbo. Thank you. Chairman Carper, Dr. Coburn, I appreciate
the opportunity to address you on the Department of Homeland
Security’s inclusion on the Office of Management and Budget’s
High-Risk and Management Watch Lists. 

DHS currently has 20 systems on the OMB Management Watch
List from the 105 major investments submitted to OMB in the fiscal
year 2008 budget. We are actively managing 9 out of the 20 for
removal from the list. These range from issues relating to cost/schedule,
privacy statements, and security. The remaining investments
on the list have been remediated, and we have submitted
documents to OMB for removal.

DHS is managing 33 information technology investments on the 
OMB High-Risk List. Of these, 19 represent DHS’ participation in
OMB’s E-Government Initiative or Lines of Business with a migra- 
tion component or where we are the managing partner of the ini- 
tiative and operate as a shared service provider. The remainder, we 
have confirmation that issues are addressed, or we have submitted 
to OMB information addressing the high-risk list and are waiting
future removal. 

We have made progress to improve capital planning, acquisition 
planning, procurement oversight, alignment with enterprise archi- 
tecture, and stronger policies for IT security. Collectively, this im- 
proved investment review process methodology has brought plan- 
ning, budget, program management, IT, and acquisition planning 
into a stronger alignment. 

In March, Secretary Chertoff issued Management Directive 007, 
which operates greater oversight to the Department’s CIO for IT 
issues relating to budget, acquisition, architecture, and perform- 
ance ratings of component CIOs. We have seen a response and ex- 
pect to see more improvements in IT performance as the Depart- 
ment matures. 

DHS has also worked to centralize information technology proc- 
esses and avoid unnecessary duplication by requiring adherence to 
the architecture for IT investments over $2.5 million, which was 
also appropriation requirements. To date, we have reviewed over 
$1.8 billion in acquisitions prior to committal of funds. 

I cannot emphasize enough the importance of good policy and a 
strong relationship of the CIO, the CFO, and the CPO in achieving 
any goals for improved management of IT and, more importantly, 
program performance. DHS has benefited by such a relationship 
under the direction of the Under Secretary for Management. 

This concludes my comments, and I welcome questions. Thank 
you. 

Senator Carper. Thank you, sir. Mr. Brinkley, last word. 

TESTIMONY OF PAUL A. BRINKLEY, DEPUTY UNDER SECRETARY
FOR BUSINESS TRANSFORMATION, U.S. DEPARTMENT
OF DEFENSE

Mr. Brinkley. Thanks. Chairman Carper, Senator Coburn, it is 
my honor to have the opportunity to appear before you to discuss 
Defense Business Transformation and its associated information 
technology investments. 

Defense Business Transformation is not an easy task. The size 
and complexity of the Department of Defense, combined with its 
unique mission, present challenges that are not faced by other or- 
ganizations undergoing transformational change. Despite these 
challenges, I believe the progress the Department has made at all 
levels under the leadership of Deputy Secretary of Defense Gordon 
England over the past 3 years has been remarkable. 

Fundamentally, business transformation requires a number of 
things: Leadership, commitment, and a strong investment management
and governance structure, a sound enterprise-level strategy
for transforming business processes and the culture that our people 
work within, and a solid relationship with independent organiza- 
tions that can be unbiased arbiters of success or failure. Most im- 
portantly, and a key missing factor in many governmental trans- 
formation efforts, including prior efforts at DOD, is an awareness 
that IT projects struggle or fail because of a failure of management 
to confront necessary changes to processes, policies, and statutes. 
IT projects are too often sold as quick fixes to core management 
problems that are difficult for leaders to confront and resolve. 

Over the last 3 years, DOD has built a foundation to ensure 
these business issues are addressed before IT investments are 
made. Today, the Department’s top operational leaders are the 
champions of our organizational transformation. The Defense Busi- 
ness Systems Management Committee, established by statute, is 
chaired by Deputy Secretary England and associated investment 
review boards that provide strong investment management and 
overall transformation governance and ensure investments are 
aligned to business strategies. 

The Business Transformation Agency, established by the Deputy 
Secretary of Defense in 2005, provides an accountable organization 
for all of our DOD-wide business and system improvement efforts. 
It is staffed with a combination of best and brightest career civil 
servants and highly qualified experts and others, using hiring au- 
thorities given to the DOD by Congress. 

The Enterprise Transition Plan, produced biannually by the 
Business Transformation Agency, approved by the DBSMC, pro- 
vides a strategic plan and emphasizes business process and system 
improvements and cultural change, and it clearly articulates 6- 
month milestones for measuring progress. 

Finally, we have developed a very productive relationship with 
OMB and the GAO based on those clear metrics, proactive engagement,
and responsive cooperation.

We have successfully developed and continue to evolve the Busi- 
ness Enterprise Architecture and its associated federation strategy. 
For an organization the size of DOD, these are critical factors. We 
are driving the Department-wide adoption of continuous process 
improvement principles, and we are implementing Lean Six Sigma
methodologies. This addresses business issues that IT issues often 
suffer from. 

We are improving acquisition and fielding processes for informa- 
tion systems through developing what we call the Business Capa- 
bility Lifecycle. This is a new acquisition process for business sys- 
tems that will resolve longstanding challenges that have impacted 
delivery of business capabilities in a timely, well-informed manner. 

Under the rules of the BCL process, initial operating capability 
of an IT program must be reached within 12 to 18 months of the 
contract award, or else business cases will not be approved. This 
better aligns IT projects with technology industry innovation rates 
that are moving much faster today than our ability to field capa- 
bilities within government. 

Two major systems programs critical to the DOD that have di- 
rectly benefited from this approach are the Defense Travel System 
and the Defense Integrated Management Human Resource System, 
called DIMHRS. By confronting and addressing policy and process
issues long ignored, the Defense Travel System has addressed key 
issues that have been highlighted by GAO and the Congress re- 
peatedly. And it is finally realizing its full potential as a source of 
lowest fare, financially efficient travel management for the Depart- 
ment. Using a similar approach, the DIMHRS program has been 
restructured and is on a path to resolve longstanding military per- 
sonnel pay issues for the Army and Air Force beginning in 2008. 

There are many similar success stories emerging for the DOD. 
Our efforts at business transformation in the DOD will take years 
to complete. Our goal is to sustain this positive momentum beyond 
administrations and continue our ability to provide our customer, 
the American warfighter, with business practices that best enable 
their challenging mission and to provide Congress with agile finan- 
cial transparency and the accountability the American people right- 
fully expect from their government. 

Thank you. I look forward to your questions. 

Senator Carper. Thank you, Mr. Brinkley. In fact, I thank all of 
you. 

Who is here from Treasury? Mr. Duffy. And how long have you 
been there? 

Mr. Duffy. Nine days, sir. [Laughter.] 

Senator Carper. Perfect. We had at least one hearing in the last 
Congress on the issue of the tax gap, and Mark Everson, who was 
until fairly recently the Commissioner of the IRS, has now gone 
over to run the Red Cross, but he has been before us a couple of 
times in the last 2 years. We talked about, among other things, the 
tax gap. 

I do not know if you have had enough time in 9 days to figure 
out if there are any IT projects that you all are working on that 
would help us know the gap between the taxes that are owed, that 
ought to be collected, and those which are being collected. We are 
led to believe that the tax gap is — how much is it, Senator Coburn?

Senator Coburn. Three hundred billion dollars. 

Senator Carper. And anything we can do to narrow that so that 
people do not like to pay taxes, but it is sort of rubs salt into those 
wounds when they feel like they are paying their fair share and 
other people are getting away scot free. So what have you got going 
on in that area? And is there anything in particular that we not 
just in this Subcommittee but we in this Senate can help to make 
sure that we go after those scoundrels and make sure that you 
have the tools you need to get them? 

Mr. Duffy. Unfortunately, Mr. Chairman, I have not had the op- 
portunity to get the briefings in-depth on that, and I would like to 
get back to you in writing. 

Senator Carper. Would you do that? That would be much appre- 
ciated. 

The second question I have really deals with — as you said, Senator
Coburn, and Senator Akaka — the issue of how do we attract
and retain good talent to work in this field for the Federal Govern- 
ment when they can make, by most observations, a fair amount 
more money in the private sector? I think it was Ms. Evans who 
indicated that, well, she likes the job, she has been there 5 or 6 
years, at least, and she likes it because she gets to work on
cutting-edge projects. She gets a sense of civic pride in knowing that she
is doing something good and meaningful for our country. And I can 
appreciate that. In fact, I think we can both appreciate that. 

What are you all seeing that is working in your own depart- 
ments, in your own agencies, that enables you to attract and retain 
good people? How can we learn from those experiences? What is 
working? Please, Mr. West? 

Mr. West. Yes, my experience in the 23½ years I have had in
government is that most of your individuals want to look for chal- 
lenges. It is not so much about the pay, but they want to be chal- 
lenged on exciting projects, and they want to be rewarded and rec- 
ognized at the end of the day. So I think we need as a government 
to recognize our people more and to continue to challenge them as 
best we can on exciting projects, but at the same time holding them 
accountable. 

Senator Carper. All right. Good answer. Thank you. 

Others, please. Mr. Mintz, you were at Sun Microsystems for, 
what, 10 years? 

Mr. Mintz. Almost 11 years. 

Senator Carper. OK. 

Mr. Mintz. And then all around the Washington area, different 
private companies. High school was the last time I was in govern- 
ment. 

One of the things that government brings that many of the jobs 
in private industry do not is a sense of mission. And I think one 
of the issues is how do we convey to people, particularly young peo- 
ple, that advantage. One of the things we are doing, we are work- 
ing — GSA has a program called IT Shadow Day where we invite 
high school kids in, and I know it has become a very active pro- 
gram, where we introduce them and take them around, and they 
get some experience with government employees as to how exciting 
it is. I think people underestimate the fact that a lot of the younger 
people are looking also for meaning in terms of their job, and that 
is something I think we have to emphasize. 

The other thing, our Deputy Secretary has been emphasizing 
things like telework and flexibility in terms of job performance. I 
think increasing that kind of flexibility helps also because, again, 
a lot of the younger people today are looking for flexibility in terms 
of how they come to work or are able to work out of their house. 

Senator Carper. One of the ways we identify good talent in our 
business in the Senate is through interns. We have undergraduate 
and graduate student interns who come in not just in our Wash- 
ington office, but we have three offices in Delaware. We will have 
interns there throughout the course of the year. We look for the in- 
terns that are especially energetic, enthusiastic, bright, committed, 
and when they have graduated, we keep track of them. And having 
developed that relationship, we know what their work ethic is and 
what their capabilities are. They know how we work and how we 
operate. And when we have an entry-level position, we go after 
them. We have kept track of them. I do not know if you all do any 
of that, but if you do not, you may want to consider it. 

Other ideas, Mr. Duffy? 

Mr. Duffy. Actually, along those lines, Mr. Chairman, there is 
a program that I believe is run out of the National Science Foundation.
It is called the CyberCorps Program. When I was at the De-
partment of Justice, we used that program to bring in a number 
of young, talented people who are interested in the IT realm with 
obviously a bent toward IT security. That is one that I think has 
been very effective. 

I believe that Mr. Powner during the first panel mentioned the 
IRS’ critical pay authority and the ability that they have had to 
bring in some very talented people from the private sector to help 
IRS begin the process of their modernization and their evolution. 
And then, of course, I would have to echo the comments of my col- 
leagues here, some of the things that they have talked about in 
terms of the challenges. 

Senator Carper. Good. In fact, going back, as congressman, gov- 
ernor, and senator, I have had four chiefs of staff over the last 25 
years; two of them started off as interns. 

Mr. Charbo. 

Mr. Charbo. Yes, sir. As you know, DHS is a tough place to not 
only attract people but to retain them. So we have looked at some 
creative ways to attract and retain. First of all, the partnerships, 
I can again emphasize that more. In this case, our chief human 
capital officer has really taken on that role for us to try to attract 
better ITs. One example, we have run some Washington Post ads 
where we have attracted hundreds of applicants, where we actually 
can draw that certification, and then hire directly from those cer- 
tifications and move that across the Department from component 
to component, focusing on IT security. 

We are focusing on giving a better environment for those employ- 
ees once they get here. We are dispersed particularly from the 
headquarters viewpoint. It is tough to retain people in some of the 
situations that we put some of the employees into. So we are pretty 
focused on trying to develop that. And then certain benefits in 
terms of payments of loans, etc., and in terms of attracting stu- 
dents. We use interns as well. My office directly uses interns. 

So it is really a matter of getting out of the box of the typical 
government hiring processes and certification and looking for better 
ways to do it. 

Senator Carper. Good. I know there is a program in the Senate 
where our employees can continue to improve their educational 
skills, and they get financial help in doing that. In passing the 
Higher Education Act, which I think the President has just signed 
into law, there may be a provision there as well which plays to our 
advantage in the Federal Government in attracting and retaining 
talent, offering as an incentive to people some help in improving 
their academic credentials. 

Mr. Brinkley, do you have anything you wanted to add? 

Mr. Brinkley. The only thought, sir, is the personal experience 
we have had with this in the DOD and MAPS. I am sure my col- 
league from Sun Microsystems can comment on this. We are not 
going to retain a skilled technical workforce, we are not going to 
be able to hire a young engineer and get him to stay for 30 years 
in the government. The trick is to create an environment, as they 
have in the technology sector, where you can come in and in a year 
to 2 years do something significant so that when you move on your 
career moves on. And that is the way the technology sector continues
to evolve. It leads the world in terms of innovation, and I
think there is still a disconnect between expectations of what the 
Federal workforce must become — the people who are in it have 
been in it for many years, and they are proud of that service, and 
they should be proud of that service. But the technology world now 
is one in which you have a constant rotation of people in and out 
of companies, and they move on to another company. And the trick 
is to create an environment where a young person or anyone can 
come in and make an impact in as quick amount a time as pos- 
sible. 

So increasing and accelerating the ability to deliver value in a 
job, they will sacrifice the funding for the opportunity to serve, but 
they will not sacrifice the funding if it is going to take them 5 years 
to actually make something happen. The best and brightest do not 
want to work in an environment where it is going to take 5 years 
to feel the capability. They want to work in an environment like 
they can get in the private sector where they can do it in 6 months 
or 12 months. So to us, that is a major focus, how do we shrink 
and tighten the ability for somebody to make a difference, and in 
doing that create capabilities that the Department needs and also 
make it a desirable place to work. 

Senator Carper. Good. Those are all, I think, very constructive 
statements, and we appreciate them. I have some questions I am 
going to submit for the record, and Dr. Coburn has graciously of- 
fered to chair the hearing until its conclusion. You all should be out 
of here by suppertime. 

Senator Coburn. I am sure we will be out of here before supper- 
time. 

Senator Carper. Thank you, sir. And thank you all for joining 
us today and for your service. 

Senator Coburn [presiding]. You are all Chief Information Officers.
Do you sit down with OMB at this CIO Council? Do each of
you? 

[Witnesses nod yes.] 

Senator Coburn. Is there a CIO for the Pentagon? 

Mr. Brinkley. Yes, there is. He does sit on that council. 

Senator Coburn. He does sit on that council. Is there anything 
you have gleaned from one another that has been beneficial? Are 
there things that you have learned from one another in that council 
that have been beneficial other than working through with OMB
to get your stuff off the Management Watch List and the high-risk 
list? 

Mr. Charbo, you have been before us before. 

Mr. Charbo. Yes, sir. There is always an agenda for the council. 
Typically, it is an item of the moment or trying to drive a lot of 
the larger initiatives. There is always that member time towards 
the end where it is issues — where I may be having a situation try- 
ing to resolve something. I may want to try to steal some employ- 
ees from some of my brethren here as well. So, there is a lot of dia- 
logue and discussion within the council. It also builds the relation- 
ships so that we can share war stories, best-case examples, best 
practices, worst-case examples, worst practices, and not go down 
some of those roads.

Senator Coburn. OK. Let me get specific for a minute. If I look
at the Department of the Treasury, you all rebaseline almost 50 
percent of your IT projects. Why? 

Mr. Duffy. I do not have a good answer for you at this point in 
time. The reality is, as GAO identified that we have had 

Senator Coburn. These are your responses. 

Mr. Duffy. I know. 

Senator Coburn. This is not GAO 

Mr. Duffy. No. 

Senator Coburn. We sent a letter to each agency, you all sent 
us one back, and we put this data together based on every agency 
in the Federal Government. 

Mr. Duffy. Absolutely. 

Senator Coburn. And we had it confirmed by OMB that she saw
the same thing. 

Mr. Duffy. And I do not refute the data. What I was going to 
say is that GAO identified, very correctly, that we have had issues 
in the past with the planning of the IT investments. The absence 
of good planning ultimately leads to needing to rebaseline. 

Senator Coburn. OK. I have a couple of questions. I am going 
to ask them, and if you cannot answer them, it is fine. 

Last tax season, the fraud detection software was not available, 
and yet you all dumped the old fraud detection software. So last 
tax season, we had no fraud detection software. Is there going to 
be fraud detection software this year? 

Mr. Duffy. I will have to get back with you with a written an- 
swer on that one, sir. 

Senator Coburn. OK. Well, it is worrisome that you do not know 
that the answer is yes. That concerns me about it. 

Just for all of you, on your project managers or your managers 
who are in charge of IT under you, is there either an incentive or 
a penalty system when there is poor planning? You testified that 
you have cleared it all up in terms of the Management Watch List. 
The Management Watch List is about poorly planned projects. But 
we are into this, the third and fourth year on these Management 
Watch Lists. So are they moving the ball on you at OMB in terms
of what they are requiring? Or is there not a learned cycle here 
where we understand what they want and are just not performing? 
And is there an incentive system for the people that work under 
you on these to get it right or a penalty if they do not get it right? 
Is there a cost consequence for having a failed IT project? Anybody 
want to answer? And the Pentagon is really different, and let me 
tell you why. That is why we have business transformation over 
there. They have 100 different computer systems that do not talk 
to one another, and they cannot even get to ground zero — I guess 
you are getting to ground zero now through the Controller’s Office, 
but there is a big difference in the Pentagon and almost every one 
of our other agencies in terms of communication capability. 

So anybody want to answer that? Thanks, Mr. Charbo. 

Mr. Charbo. You were going to get to me eventually, so I figured 
I would take a shot. In terms of the program managers that di- 
rectly report to me — which a majority of the program managers do 
not report to me in DHS. I would venture to say that is probably 
the case for most of the CIOs here and in government. 
There is a direct consequence. That is part of our performance
rating. So you set those measures in the performance plans. If they 
do not meet those you have to hold them accountable. 

Senator Coburn. How are they held accountable? 

Mr. Charbo. Directly through their bonus program, their evalua- 
tions, which could lead to dismissal. If it is an SES, they could be 
dismissed. If it is a GS level, it is a little bit different, but it could 
lead to dismissal if they continue to fail to meet expectations. 

Senator Coburn. So is that applied, for example, in your Depart- 
ment? 

Mr. Charbo. For this piece, under those who report to me, it is. 
We have a track record. A lot of times, those people will see the 
writing, and they move on. 

In terms of what the Secretary has done from the management 
directive, this year is the first year that I will actually specifically 
write recommendations on the performance evaluation for each of 
the CIOs within the components. I will preface that to say that in 
some cases some of these programs do not report directly under the 
CIO, even in the components. We are working to change some of 
that. 

Senator Coburn. But are each of your agencies — as Chief Infor- 
mation Officers, are you copied, are you made aware on a routine 
basis, what is happening on these projects? 

Mr. Charbo. At DHS now for — I talked about an improved in- 
vestment review. What we have done, what the Under Secretary 
has done, for the ones that are on the front page, typically, or that 
are very high focus, we have put an integrated team together. So 
the CIO is there, the CPO is there, the CFO is there, and we are 
working — because I will agree that the schedules — typically the 
schedules get — are very optimistic in terms of setting some of the 
program deliverables, and most of the programs that we are seeing, 
I think that would attribute to a lot of the cost/schedule variances 
that we see. 

So at this point, what we do is with the program manager we 
set those expectations. If we are having to go back and reset the 
expectation with our leadership in terms of the true price, the true 
schedule now for some of these investments, we are doing that. We 
are carrying that bad news forward to the Congress, to 0MB, to 
the leadership on a lot of these investments. 

So that is a change that is happening in DHS with a lot of the 
larger ones. That is the group that we focused with the program. 

Senator Coburn. How about the rest of you? 

Mr. Duffy. In Treasury, and as well as at Justice, where I was 
previously, what Mr. Charbo described as the overall environment 
is very much the same. There has been within the last year more 
attention paid, particularly at the SES level, to put specific per- 
formance criteria into those plans and then hold the executives re- 
sponsible. 

As for my own office — I am all of 9 days into this job, but I am 
going to get an opportunity to have some influence on the next 
round, I personally believe in putting those types of criteria into 
performance plans and holding people accountable. That is where 
we are at today. 
I think your comments, however, and your questions are very
good ones, and they are opportunities for us to look at how do we 
incentivize people, both negatively as well as positively. 

Senator Coburn. Anything different? 

Mr. Brinkley. Dr. Coburn, I think the question of accountability 
is a question of who we are holding accountable. I think it is a very 
common knee-jerk tendency to drag a PM through a wire brush 
session when they miss a milestone or they do something. Yet it 
is almost never the responsibility of the PM. PMs get handed 
projects that are generated by functional leaders, and it is the func- 
tional leadership that we have put accountability in place for. So 
our efforts under Secretary England have been focused on monthly 
reviews of status where we do not bring the PM in to give status; 
we bring the person who is sponsoring the project in to give status. 
And that individual is the one who drives the budget, and he is the 
one who drives the requirements. And if the project is off the rails, 
it is usually because something has gone wrong in terms of require- 
ments or change or statute or policy, and, again, as you are very 
familiar with the Defense Travel System. We have many examples 
where failure to confront the brokenness on the front end led to 
failure on the back end with the project manager trying to knit 
something together to deal with a broken process. 

Senator Coburn. And it was not the project manager that 
had 

Mr. Brinkley. Absolutely. So for us, accountability applied to the 
leadership that is generating the requirement, and this funding the 
program has made, I think, a lot of our progress possible over the 
past 2½ years.

Senator Coburn. You all do not know about DTS. Mr. Brinkley 
does and a lot of other people do. This is something we have been 
looking at for 214 years, and it is a great example of how not to 
do it — in other words, not clear goals, not knowing what you want- 
ed to get, and having a cost-plus program that originally cost sup- 
posedly $30 million — and I think it has ended up at $670 million. 
And you extrapolate — and we are seeing that across agencies. We 
are seeing that in Commerce. The Census has no fixed-price con- 
tracts. They are all cost-plus. And the contracts that were issued 
were kind of — well, we are kind of guessing what we want. Why 
don’t you develop what we think we want? And so what we did was 
have very poor planning. And at the same time, we did not put any 
of the efforts on an online census, which is IRS, Treasury — what 
is it, 55 percent now filed online with secure data? Tremendous. 
And so the capability was out there, but we did not have the vision 
or the leadership or the management to get that done to save this 
money. We gave your Assistant Secretary information that the pri- 
vate sector, in terms of mailing and Internet, can do it for one- 
eighth of what the Census can do it. And I think you may have ac- 
tually seen that. That was a company we asked to prepare it who 
competes with you all in lots of other areas. But it just goes to 
show you that if, in fact, we will plan and we really know what our 
goals are, we identify what our goal really is rather than saying 
we think this is what we want. We should not go forward until we 
know what we want. 
And so I appreciate you guys being in the positions that you are
in. You make a big difference — $65 billion of which about $14 to 
$15 billion is really at risk, which in this day and age, if we can 
make it not at risk and we can convert cost-plus contracts to fixed- 
price contracts, you will have a little more leverage to do other 
things within your agencies rather than this. 

I do not mean to sound that I am not appreciative of what you 
all do. You all are managers. I know what you are doing, and the 
goal is there. We have to get consistent on it. 

Let me just ask you, Mr. West, right now GAO is real concerned 
about IT on the census. Can you give me a comfort level that is 
different than what GAO has? Since you are kind of over that, are 
you feeling good about that? 

Mr. West. I feel good about the leaders that we have in IT out 
there. Having been involved in the census — I was heavily involved 
in the 1990 census, spent 8 years at Census, so I actually have a 
really good feel for what goes into a decennial. A lot of those same 
folks have been around for four or five censuses. They are using 
the handhelds this year. As you know, they went with the Harris 
contract. I feel comfortable as they move forward. I have been 
heavily involved in a lot of their briefings. I do have a comfort level 
that they are going to make this work. It has been a challenge as 
you know, but I feel that they have the right people there — you
have provided the attention to really make them accountable as we 
move forward. 

Senator Coburn. OK. Just one final thing. I want to ask about 
DOT and the telecommunications at FAA as well as the traffic con- 
trol programs. Those are both big programs. There has been a lot 
said. 

Are you all being oversighted by other subcommittees, both in 
the House and in the Senate, in terms of the traffic control? Have 
you come and made a presentation to Congress on those IT pro- 
grams? 

Mr. Mintz. Well, the FAA has. Most of my personal interaction 
has been directly with GAO. When I first came here, I actually 
reached out to GAO, and before any of the investigations came on 
the table, and asked them to come over to figure out how best to 
work with them. And then I have worked with now the former ad- 
ministrator, Marion Blakey, and the FAA people set up a regular 
program with GAO to look at the air traffic control system and 
working on how to get it off the GAO High-Risk List, which is a 
little bit different issue than the OMB one. 

Senator Coburn. Right. Is there anything that any of you all 
would want us to do that would be helpful in you accomplishing 
what you are trying to do? I have had quite a few experiences on 
different things with the Defense Department’s modernization, and 
I feel real comfortable they are moving. It is slow, but it is moving. 
Are there other things that we can do or areas we need to look into 
that will make you more effective, give you a greater tool? Is there 
a tool that we need to provide that will allow you to manage more 
efficiently and get better results as you do your job? 

Mr. Mintz. Well, there are two things that I guess I would 
encourage you to continue to do. First of all, the emphasis on 
transparency, one of the things that is certainly true in terms of my 
private industry experience and is certainly true here in the 
government is that the more transparent we can make this and the more 
visible in public that we can make all the information, the better 
off we are, because a lot of the problems surface, whether we like 
it or not, when we make all the information public because 
intermediaries that are interested in the topics look at them closely and 
hold us accountable. 

The other thing, some of the conversation you had in the first 
panel, I think the encouragement with OMB is a good one and with 
GAO is a good one, that we need them to continue to be aggressive. 
I think, at least I know speaking just for Transportation, our 
challenge is to internalize the OMB directive and make it true within 
the Department. 

Senator Coburn. Make it a culture. 

Mr. Mintz. There is a tendency, when I first came, to look at 
OMB as sort of the parent, that if OMB said it was wrong, then 
we would do something about it. But if they did not say it was 
wrong, we sort of went on. 

And the focus that I have tried to bring and I think is being 
adapted is we have to be OMB, that is, we have to integrate these 
lessons into the culture and change the internal behavior because 
it is the right thing to do. 

So the more I think people like yourself focus on making all this 
information transparent will force changes in that kind of 

Senator Coburn. Well, you all know January 1 of this year, 
every penny you spend other than for security is coming up. It is 
going to pop up. If it is not there, we are going to be having hear- 
ings on why it is not there. And by September of next year, all the 
subcontractors all throughout the Defense Department, all 
throughout every agency and all the sub-grantees, it is all going to 
be there. We are going to know who got it, how much they got, and 
what they did with it. So it is going to make us better. It is going 
to make us all better. 

I want to thank each of you for the job you do, the service to our 
country, for coming and testifying. You will probably get some 
questions from some of the Members of the Subcommittee. We 
would love to have you respond to those in 2 weeks. 

With that, thanking you for your service, the hearing is ad- 
journed. 

[Whereupon, at 4:43 p.m., the Subcommittee was adjourned.] 
Good afternoon, Mr. Chairman and Members of the Subcommittee. My remarks will focus on 
the Administration’s strategy and progress in tracking, analyzing and evaluating the Federal 
government’s information technology (IT) investments. 

The President proposed to spend roughly $66 billion in FY2008 for IT and associated support 
services to bolster the multiple and wide-ranging missions of the Federal government. When 
well executed these IT investments help improve the ability of the government’s programs and 
operations to more effectively deliver services, products, and information to the public. 

OMB facilitates the process by which agencies successfully and securely plan, implement, and 
manage their IT investments. In particular, you have requested a discussion of the effectiveness 
of the tools we employ throughout the year to oversee major capital investments in information 
technology. After providing you with an overview of the entire process, I would then like to 
discuss two specific tools used — the “Management Watch List” and our “high-risk list”. In 
general, OMB executes its responsibilities using various methods such as: 

• Reviewing agencies’ annual budget submissions; 

• Engaging with agencies throughout the year on such issues as the electronic government 
scorecard of the President’s Management Agenda (PMA); and 

• Monitoring specific projects of interest to OMB. 

IT Investment and The Budget Cycle 

Each year, OMB updates and issues guidance, called Circular A-11, to the agencies for 
preparing, submitting and executing the budget.¹ Agency submissions must reflect the policies 
of the President, including implementation of the President’s Management Agenda initiatives. 

Two sections of this Circular provide additional guidance about IT funding requests specifically 
targeted at agency project planning.² Agencies must answer direct questions on performance 
goals and measures, project management, alternative analysis, Enterprise Architecture, earned 
value management, security plans, and privacy impact assessments. 

¹ Circular A-11, “Preparation, Submission, and Execution of the Budget”, 
http://www.whitehouse.gov/omb/budget/fy2008/ . 

² Section 53, “Information Technology and E-Government” and Section 300, “Planning, Budgeting, Acquisition, 
and Management of Capital Assets.” 

Agencies must also include in their response supporting details in a “Capital Asset Plan and 
Business Case” (business case), or OMB Exhibit 300. Please note business cases are primarily 
executive summaries of detailed planning documents. Performance information is obtained and 
evaluated via other metrics which I will describe shortly. OMB reviews and evaluates these 
business cases as a part of our overall assessments of an agency's entire budget submission. Our 
summary of where agencies stand with their planning for IT investments is reported as part of 
Analytical Perspectives, Chapter 9, “Integrating Services with Information Technology” in the 
President's FY2008 Budget.³ 

This report is an OMB requirement under the Clinger-Cohen Act. As I have discussed in 
previous testimony on similar topics, the Clinger-Cohen Act establishes processes for executive 
agencies to analyze, track, and evaluate the risks and results of major capital investments for 
information systems. 

It is important to note, OMB is but one of the intended audiences for the business case - the 
primary audiences are the agency officials and their investment review boards. These managers 
should use the business cases to effectively manage their own IT portfolios and submit to OMB 
only those investment requests meeting criteria specified in law and or OMB policies and 
supporting the priorities of the Administration. 

Agencies submit their overall Agency IT Investment Portfolio as OMB Exhibit 53. For the FY 
09 budget cycle, we have modified the exhibit 53 adding a “High Risk Project designations” as a 
new investment category for projects that are only portions of a larger consolidated investment. 
For the first time agencies will also identify whether or not each individual investment in their 
exhibit 53 is included on their quarterly High Risk List report. 

Using the President’s Management Agenda Scorecard to Assist Oversight 

Each quarter agencies receive a scorecard reporting their progress and status in achieving 
Government-wide goals under the PMA. OMB analyzes information provided on business cases 
when evaluating agencies’ activities pertaining to the Electronic Government component of the 
scorecard. 

We deliberately included a criterion for “acceptable business cases” to emphasize its importance 
in effective IT investment management. It is just one of a number of components agencies must 
satisfy to get to green (or yellow) for the scorecard. Agency scores are posted quarterly at 
http://results.gov/agenda/scorecard.html . 

³ http://www.whitehouse.gov/omb/budget/fy2008/ 

The Management Watch List in the President’s FY2008 Budget 

The information included in each business case ultimately helps OMB and the agencies ensure 
effectively planned IT investments and improve portfolio management. Business cases reflecting 
one or more planning weaknesses are placed on the “management watch list” and are targeted for 
follow-up. 

The FY2008 President’s budget proposes approximately $66 billion for IT and associated 
support services. Of the 840 business cases submitted this year, there were initially 346, valued 
at least $14.4 billion, not meeting the criteria for success as defined in the President’s 
Management Agenda Scorecard. However, agencies, with the support of OMB, have an 
opportunity to remediate these deficiencies and monitor progress after the initial reporting 
period. This year, OMB collaborated with the President’s Council on Integrity and Efficiency as 
well as relevant agency Inspector Generals to assist with the independent verification and 
validation for areas of concern. I am pleased to report that as of August 2007, there were 136 
business cases remaining on the Management Watch List with at least $8.6 billion in projected 
IT spending for FY2008, a decrease of $5.8 billion from the list published in February 2007. 

Improving Project Performance with the High-Risk List 

Having described a business case as a planning document and the Management Watch List as a 
tool used by OMB to track agency project planning, I would also like to describe another 
indicator - the high risk list. The high risk list is used to analyze and evaluate actual project 
execution and performance. 

Over the past several years, agencies have striven to improve the quality of their IT project 
planning and justification, but the realization that it is important to continue this improvement 
during the execution phase of the IT project is a more recent development. OMB guidance⁴ now 
describes specific procedures to assist agencies’ improvement of project planning and 
implementation of earned value management. 

The objective of our analysis is to manage the risk associated with the IT project each quarter to 
achieve the intended outcomes. Each quarter agencies evaluate and report to us on the 
performance of high risk projects. These projects are considered high-risk, requiring special 
attention from the highest level of agency management and oversight authorities due to the size, 
complexity, and/or nature of the risk of the project, but are not necessarily at-risk. For example, 
a successfully performing project may still be classified as high-risk due to exceptionally high 
costs and or complexity. For example, all e-government initiatives have been determined to be 
“high risk” and therefore are reported on agency quarterly reports. 

Oversight authorities and agency management have tangible data on the performance of projects 
at least quarterly to better ensure improved execution and performance. Agency managers and 
oversight authorities should know within 90 days if a project is not performing well. OMB then 
works in partnership with agencies and GAO to address deficiencies in high-risk programs. It is 
therefore a collaborative effort to manage project risk and avoid problems should they occur or 
catch them early before taxpayers’ dollars are wasted. 


⁴ http://www.whitehouse.gov/omb/memoranda/2005.html 

The "high risk list" approach is separate and distinct from the “management watch list” since it 
presents oversight authorities with information differing in focus, timing, and expected results. 
It is not designed to replace pre-existing oversight and internal agency processes, but rather to 
supplement and complement them. 

This concludes my presentation of the Administration’s strategy and progress to date in 
analyzing, tracking, and evaluating the results of the government’s IT investments. 
INFORMATION TECHNOLOGY 

Further Improvements Needed to Identify and 
Oversee Poorly Planned and Performing Projects 


What GAO Found 

OMB and federal agencies have identified approximately 227 IT projects — 
totaling at least $10.4 billion in expenditures for fiscal year 2008 — as being 
poorly planned (on the Management Watch List), poorly performing (on the 
High Risk List with performance shortfalls), or both. The figure below shows 
the distribution of these projects as well as their associated dollar values. 


Figure: Poorly Planned and Poorly Performing IT Projects (as of June 2007) 

Management Watch List: 136 ($8.6B); High Risk List with shortfalls: 124 ($6.0B) 

Source: GAO analysis of OMB data. 

OMB has taken steps to improve the identification and oversight of the 
Management Watch List and High Risk projects by addressing 
recommendations previously made by GAO, however, additional efforts are 
needed to more effectively perform these activities. Specifically, GAO 
previously recommended that OMB take action to improve the accuracy and 
reliability of exhibit 300s and consistent application of the high risk projects 
criteria, and perform governmentwide tracking and analysis of Management 
Watch List and high risk project information. In response to these 
recommendations, OMB, for example, started publicly releasing aggregate 
lists of Management Watch List and high risk projects by agency in September 
2006 and has been updating them since then on a quarterly basis. However, 
OMB does not publish the reasons for placing projects on the Management 
Watch List, nor does it specifically identify why high risk projects are poorly 
performing. Providing this information would allow OMB and others to better 
analyze the reasons projects are poorly planned and performing, take 
corrective actions, and track these projects on a governmentwide basis. Such 
information would also help to highlight progress made by agencies or 
projects, identify management issues that transcend individual agencies, and 
highlight the root causes of governmentwide issues and trends. Until OMB 
makes further improvements in the identification and oversight of poorly 
planned and poorly performing IT projects, potentially billions in taxpayer 
dollars are at risk of being wasted. 


United States Government Accountability Office 

Mr. Chairman and Members of the Subcommittee: 

I am pleased to be here today to discuss the federal government’s 
key processes for improving the management of information 
technology (IT) investments totaling $65 billion for fiscal year 2008. 
Effective management of these investments is essential to the 
health, economy, and security of the nation. The Office of 
Management and Budget (OMB) plays a key role in overseeing 
federal IT investments. In particular, as required by the 
Clinger-Cohen Act, OMB must establish processes to analyze, track, and 
evaluate the risks and results of major capital investments in 
information systems made by executive agencies and to report to 
Congress on the net program performance benefits achieved as a 
result of these investments. 

To help carry out its oversight role, OMB has developed several 
processes, including its Management Watch List and high risk 
projects.¹ The Management Watch List identifies projects that are 
poorly planned (projects with weaknesses in their funding 
justifications, known as exhibit 300s). High risk projects require 
special attention from oversight authorities and the highest level of 
agency management, and include projects that are poorly 
performing (projects experiencing performance shortfalls, meaning 
that they do not meet one or more of four performance evaluation 
criteria).² The Management Watch List and high risk processes are 
instrumental in helping to identify and improve oversight of poorly 
planned and poorly performing projects. 

¹ While not a subject of my testimony, OMB also uses the e-Gov Scorecard as a mechanism 
for managing federal IT projects. Quarterly e-Gov Scorecards are reports that use a 
red/yellow/green scoring system to illustrate the results of OMB's evaluation of agencies’ 
implementation of e-government criteria in the President’s Management Agenda. The 
scores are determined in quarterly reviews, where OMB evaluates agency progress toward 
agreed-upon goals along several dimensions, and provides input to the quarterly reporting 
on the President’s Management Agenda. Key criteria used to score agencies’ e-government 
process include acceptable business cases, cost and schedule performance; and security 
accreditation. As of June 30, 2006, 21 of the 26 departments/major agencies were identified 
as having a yellow (mixed results) or red (unsatisfactory) score. 

² High risk projects are identified as having performance shortfalls if one or more of the 
following performance evaluation criteria are not met: establishing baselines with clear 
cost, schedule, and performance goals; maintaining the project's cost and schedule 
variances within 10 percent; assigning a qualified project manager; and avoiding 
duplication by leveraging inter-agency and governmentwide investments. 

Last September, we testified on OMB’s oversight of federal IT 
projects. We highlighted the number and dollar value of the projects 
identified as poorly planned and/or poorly performing as a result of 
the Management Watch List and high risk processes. Given the 
importance of OMB’s oversight processes, you asked us to (1) 
provide an update on the Management Watch List and High Risk 
projects, and (2) identify OMB’s efforts to improve the identification 
and oversight of these projects. In preparing this testimony, we 
summarized our previous reports on initiatives for improving the 
management of federal IT investments and interviewed OMB staff 
on their efforts to better identify and oversee Management Watch 
List and high risk projects.³ We also analyzed current Management 
Watch List and high risk project information. We performed our 
work in accordance with generally accepted government auditing 
standards. 


Results in Brief 

OMB and federal agencies have identified approximately 227 IT 
projects — totaling at least $10.4 billion in expenditures for fiscal 
year 2008 — as being poorly planned, poorly performing, or both. 
Specifically, through the Management Watch List process, OMB 
determined that 103 projects (totaling about $4.5 billion) are poorly 
planned. In addition, agencies reported that 91 of their high risk 
projects (totaling about $1.8 billion) were poorly performing. 
Thirty-three projects (totaling about $4.1 billion) are both poorly 
planned and poorly performing. For example, the Department of 
Treasury’s Electronic Fraud Detection System was identified as 
being poorly planned, the Social Security Administration’s Disability 
Service Improvement Project was identified as being poorly 
performing, and the Department of Homeland Security’s Secure 
Border Initiative Net Technology Program was identified as being 
both poorly planned and poorly performing. 

³ GAO, Information Technology: OMB Can Make More Effective Use of Its Investment Reviews, 
GAO-05-276 (Washington, D.C.: April 15, 2005); Information Technology: Agencies Need to 
Improve the Accuracy and Reliability of Investment Information, GAO-06-250 (Washington, 
D.C.: Jan. 12, 2006); Information Technology: Agencies and OMB Should Strengthen Processes for 
Identifying and Overseeing High Risk Projects, GAO-06-647 (Washington, D.C.: June 15, 2006). 

OMB has taken steps to improve the identification and oversight of 
the Management Watch List and High Risk projects by addressing 
some of the recommendations that we had made previously. 
However, additional efforts are needed to more effectively perform 
these activities. Specifically, we previously recommended that OMB 
take action to improve the accuracy and reliability of exhibit 300s, 
of application of the high risk projects criteria, and perform 
governmentwide tracking and analysis of Management Watch List 
and high risk project information. In response to our 
recommendations, OMB, for example, started publicly releasing 
aggregate lists of Management Watch List and high risk projects by 
agency in September 2006 and has been updating them since then on 
a quarterly basis by posting them on their website. However, OMB 
does not publish the reasons for placing projects on the 
Management Watch List, nor does it specifically identify why high 
risk projects are poorly performing. Providing this information 
would allow OMB and others to better analyze the reasons projects 
are poorly planned and performing, take corrective actions, and 
track these projects on a governmentwide basis. Such information 
would also help to highlight progress made by agencies or projects, 
identify management issues that transcend individual agencies, and 
highlight the root causes of governmentwide issues and trends. Until 
OMB makes further improvements in the identification and 
oversight of poorly planned and poorly performing IT projects, 
potentially billions in taxpayer dollars are at risk of being wasted. 


Background 

Each year, OMB and federal agencies work together to determine 
how much the government plans to spend for IT and how these 
funds are to be allocated. Federal IT spending has risen to an 
estimated $65 billion in fiscal year 2008. 


GAO-07-1211T 



OMB plays a key role in overseeing the implementation and 
management of federal IT investments. To improve this oversight, 
Congress enacted the Clinger-Cohen Act in 1996, expanding the 
responsibilities delegated to OMB and agencies under the 
Paperwork Reduction Act.⁴ Among other things, Clinger-Cohen 
requires agency heads, acting through agency chief information 
officers, to better link their IT planning and investment decisions to 
program missions and goals and to implement and enforce IT 
management policies, procedures, standards, and guidelines. The 
act also requires that agencies engage in capital planning and 
performance and results-based management.⁵ OMB’s responsibilities 
under the act include establishing processes to analyze, track, and 
evaluate the risks and results of major capital investments in 
information systems made by executive agencies. OMB must also 
report to Congress on the net program performance benefits 
achieved as a result of major capital investments in information 
systems that are made by executive agencies.⁶ 

In response to the Clinger-Cohen Act and other statutes, OMB 
developed policy for planning, budgeting, acquisition, and 
management of federal capital assets. This policy is set forth in OMB 
Circular A-11 (section 300) and in OMB’s Capital Programming 
Guide (supplement to Part 7 of Circular A-11), which directs 
agencies to develop, implement, and use a capital programming 
process to build their capital asset portfolios. Among other things, 
OMB’s Capital Programming Guide directs agencies to 

• evaluate and select capital asset investments that will support core 
mission functions that must be performed by the federal 
government and demonstrate projected returns on investment that 
are clearly equal to or better than alternative uses of available public 
resources; 

• institute performance measures and management processes that 
monitor actual performance and compare to planned results; and 

• establish oversight mechanisms that require periodic review of 
operational capital assets to determine how mission requirements 
might have changed and whether the asset continues to fulfill 
mission requirements and deliver intended benefits to the agency 
and customers. 

⁴ 44 U.S.C. § 3504(a)(1)(B)(vi) (OMB); 44 U.S.C. § 3506(h)(5) (agencies). 

⁵ 40 U.S.C. § 11312; 40 U.S.C. § 11313. 

⁶ These requirements are specifically described in the Clinger-Cohen Act, 40 U.S.C. § 11302(c). 

To further support the implementation of IT capital planning 
practices as required by statute and directed in OMB’s Capital 
Programming Guide, we have developed an IT investment 
management framework⁷ that agencies can use in developing a 
stable and effective capital planning process. Consistent with the 
statutory focus on selecting,⁸ controlling,⁹ and evaluating¹⁰ 
investments, this framework focuses on these processes in relation 
to IT investments specifically. It is a tool that can be used to 
determine both the status of an agency's current IT investment 
management capabilities and the additional steps that are needed to 
establish more effective processes. Mature and effective 
management of IT investments can vastly improve government 
performance and accountability. Without good management, such 
investments can result in wasteful spending and lost opportunities 
for improving delivery of services to the public. 


⁷ GAO, Information Technology Investment Management: A Framework for Assessing and 
Improving Process Maturity, GAO-04-394G (Washington, D.C.: March 2004). 

⁸ During the selection phase, the organization (1) identifies and analyzes each project’s 
risks and returns before committing significant funds to any project and (2) selects those 
IT projects that will best support its mission needs. 

⁹ During the control phase, the organization ensures that, as projects develop and 
investment expenditures continue, the project is continuing to meet mission needs at the 
expected levels of cost and risk. If the project is not meeting expectations or if problems 
have arisen, steps are quickly taken to address the deficiencies. 

¹⁰ During the evaluation phase, actual versus expected results are compared once projects 
have been fully implemented. This is done to (1) assess the project’s impact on mission 
performance, (2) identify any changes or modifications to the project that may be needed, 
and (3) revise the investment management process based on lessons learned. 

Prior Reviews on Federal IT Investment Management Have Identified Weaknesses 

Only by effectively and efficiently managing their IT resources 
through a robust investment management process can agencies gain 
opportunities to make better allocation decisions among many 
investment alternatives and further leverage their investments. 
However, the federal government faces enduring IT challenges in 
this area. For example, in January 2004 we reported on mixed 
results of federal agencies’ use of IT investment management 
practices.¹¹ Specifically, we reported that although most of the 
agencies had IT investment boards responsible for defining and 
implementing the agencies' investment management processes, 
agencies did not always have important mechanisms in place for 
these boards to effectively control investments, including 
decision-making rules for project oversight, early warning 
mechanisms, and/or requirements that corrective actions for 
underperforming projects be agreed upon and tracked. 
Executive-level oversight of project-level management activities 
provides organizations with increased assurance that each 
investment will achieve the desired cost, benefit, and schedule 
results. Accordingly, we made several recommendations to agencies 
to improve their practices. 

In previous work using our investment management framework, we 
reported that the use of IT investment management practices by 
agencies was mixed. For example, a few agencies that have 
followed the framework in implementing capital planning processes 
have made significant improvements.¹² In contrast, however, we and 
others have continued to identify weaknesses at agencies in many 
areas, including immature management processes to support both 
the selection and oversight of major IT investments and the 
measurement of actual versus expected performance in meeting 
established performance measures.¹³ For example, we recently 
reported that the Department of Homeland Security and the 
Department of Treasury did not have the processes in place to 
effectively select and oversee their major investments.¹⁴ 

¹¹ GAO, Information Technology Management: Governmentwide Strategic Planning, 
Performance Measurement and Investment Management Can Be Further Improved, 
GAO-04-49 (Washington, D.C.: Jan. 12, 2004). 

¹² These agencies include the Departments of Agriculture, Commerce, and the Interior. 


OMB’s Management Watch List Is Intended to Correct Project Weaknesses and Business 
Case Deficiencies 

To help ensure that investments of public resources are justified and 
that public resources are wisely invested, OMB began using its 
Management Watch List in the President's fiscal year 2004 budget 
request, as a means to oversee the justification for and planning of 
agencies’ IT investments. This list was derived based on a detailed 
review of the investments' Capital Asset Plan and Business Case, 
also known as the exhibit 300. 

The exhibit 300 is a reporting mechanism intended to enable an 
agency to demonstrate to its own management, as well as OMB, that 
a major project is well planned in that it has employed the 
disciplines of good project management; developed a strong 
business case for the investment; and met other Administration 
priorities in defining the cost, schedule, and performance goals 
proposed for the investment. 

We reported in 2005 that OMB analysts evaluate agency exhibit 300s 
by assigning scores to each exhibit 300 based on guidance presented 
in OMB Circular A-11.¹⁵ As described in this circular, the scoring of a 
business case consists of individual scoring for 10 categories, as 
well as a total composite score of all the categories. The 10 
categories are 

• acquisition strategy, 

• project (investment) management, 

• enterprise architecture, 

• alternatives analysis, 

• risk management, 

• performance goals, 

• security and privacy, 

• performance-based management system (including the earned 
value management system),¹⁶ 

• life-cycle costs formulation, and 

• support of the President’s Management Agenda. 

Projects are placed on the Management Watch List if they receive 
low scores (3 or less on a scale from 1 to 5) in the areas of 
performance goals, performance-based management systems, 
security and privacy or a low composite score. 

¹³ For example, GAO, Information Technology: Treasury Needs to Strengthen Its 
Investment Board Operations and Oversight, GAO-07-865 (Washington, D.C.: Jul. 23, 2007); 
Information Technology: DHS Needs to Fully Define and Implement Policies and 
Procedures for Effectively Managing Investments, GAO-07-424 (Washington, D.C.: Apr. 27, 
2007); Information Technology: Centers for Medicare & Medicaid Services Needs to 
Establish Critical Investment Management Capabilities, GAO-06-12 (Washington, D.C.: Oct. 
28, 2005); Information Technology: Departmental Leadership Crucial to Success of 
Investment Reforms at Interior, GAO-03-1028 (Washington, D.C.: Sept. 12, 2003); and 
United States Postal Service: Opportunities to Strengthen IT Investment Management 
Capabilities, GAO-03-3 (Washington, D.C.: Oct. 15, 2002). 

¹⁴ GAO-07-424 and GAO-07-865. 

¹⁵ GAO-05-276. 

According to OMB, agencies with weaknesses in these three areas 
are to submit remediation plans addressing the weaknesses. OMB 
officials also stated that decisions on follow-up and monitoring the 
progress are typically made by staff with responsibility for reviewing 
individual agency budget submissions, depending on the staff’s 
insights into agency operations and objectives. According to OMB 
officials, those Management Watch List projects that receive specific 
follow-up attention receive feedback through the passback process, 
targeted evaluation of remediation plans designed to address 
weaknesses, the apportioning of funds so that the use of budgeted 
dollars was conditional on appropriate remediation plans being in 
place, and the quarterly e-Gov Scorecards. OMB removes projects 


** Earned value management is a project management tool that integrates the investment 
scope of work with schedule and cost elements for investment planning and control. This 
method compares the value of work accomplished during a given period with that of the 
work expected in the period. Differences in expectations are measured in both cost and 
schedule variances. 


GAO-07-1211T 


from the Management Watch List as agencies remediate the 
weaknesses identified with these projects’ business cases. 


OMB’s High Risk Projects Process Intended to Correct and Improve Project 
Performance 

As originally defined in OMB Circular A-11 and subsequently 
reiterated in an August 2005 memorandum, high risk projects are 
those that require special attention from oversight authorities and 
the highest levels of agency management. These projects are not 
necessarily "at risk" of failure, but may be on the list because of one 
or more of the following four reasons: 

• The agency has not consistently demonstrated the ability to manage 
complex projects. 

• The project has exceptionally high development, operating, or 
maintenance costs, either in absolute terms or as a percentage of 
the agency’s total IT portfolio. 

• The project is being undertaken to correct recognized deficiencies 
in the adequate performance of an essential mission program or 
function of the agency, a component of the agency, or another 
organization. 

• Delay or failure of the project would introduce for the first time 
unacceptable or inadequate performance or failure of an essential 
mission function of the agency, a component of the agency, or 
another organization. 

Most agencies reported that to identify high risk projects, staff from 
the Office of the Chief Information Officer compare the criteria 
against their current portfolio to determine which projects met 
OMB’s definition. They then submit the list to OMB for review. 
According to OMB and agency officials, after the submission of the 
initial list, examiners at OMB work with individual agencies to 
identify or remove projects as appropriate. According to most 
agencies, the final list is then approved by their Chief Information 
Officer. 

For the identified high risk projects, beginning September 15, 2005, 
and quarterly thereafter, Chief Information Officers are to assess, 
confirm, and document projects’ performance. Specifically, agencies 
are required to determine, for each of their high risk projects, 
whether the project was meeting one or more of four performance 
evaluation criteria: 

• establishing baselines with clear cost, schedule, and performance 
goals; 

• maintaining the project’s cost and schedule variances within 10 
percent; 

• assigning a qualified project manager; and 

• avoiding duplication by leveraging inter-agency and 
governmentwide investments. 

If a high risk project meets any of these four performance evaluation 
criteria, agencies are instructed to document this using a standard 
template provided by OMB and provide this template to oversight 
authorities (e.g., OMB, agency inspectors general, agency 
management, and GAO) on request. Upon submission, according to 
OMB staff, individual analysts review the quarterly performance 
reports of projects with shortfalls to determine how well the 
projects are progressing and whether the actions described in the 
planned improvement efforts are adequate using other performance 
data already received on IT projects such as the e-Gov Scorecards, 
earned value management data, and the exhibit 300. 


Poorly Planned and Performing Projects Total at Least $10 Billion in 
Estimated Expenditures for Fiscal Year 2008 

OMB and federal agencies have identified approximately 227 IT 
projects — totaling at least $10.4 billion in expenditures for fiscal 
year 2008 — as being poorly planned, poorly performing, or both. 
Figure 1 shows the distribution of these projects and their 
associated dollar values. 


Figure 1: Poorly Planned and Poorly Performing IT Projects (as of June 2007) 

[Figure: Management Watch List, 136 projects ($8.6B); High Risk List with shortfalls, 124 projects ($6.0B).] 


Hundreds of Projects Totaling Billions of Dollars Are Placed on the Management Watch 
List Annually 


Each year, OMB places hundreds of projects totaling billions of 
dollars on the Management Watch List. Table 1 provides a historical 
perspective of the number of these projects and their associated 
budget since OMB started reporting on the Management Watch List 
in the President’s budget request for 2004. The table shows that 
while the number of projects and their associated budget have 
generally decreased since then, they increased by 83 projects this 
year, and represent a significant percentage of the total budget. 




Table 1: Management Watch List Budget for Fiscal Years 2004-2008 (in billions) 

Fiscal years | Total federal IT projects (associated budget) | Management Watch List projects (associated budget) | Percentage of federal IT projects on Management Watch List (percentage of budget) 
2004 | 1400 ($59.0) | 771 ($20.9) | 55% (35%) 
2005 | 1200 ($60.0) | 621 ($22.0) | 52% (37%) 
2006 | 1087 ($65.0) | 342 ($15.0) | 31% (23%) 
2007 | 857 ($64.0) | 263 ($9.9) | 31% (15%) 
2008 | 840 ($65.0) | 346 ($14.0) | 41% (22%) 

Source: GAO analysis of OMB data. 


As of July 2007, 136 projects, representing $8.6 billion, still 
remained on the Management Watch List (see appendix I for 
complete list). We determined that 29 of these projects were on the 
Management Watch List as of September 2006. 


Poorly Performing Projects Total About $6 Billion in Estimated Expenditures for Fiscal 
Year 2008 


As of June 2007, when agencies last reported on their high risk 
projects to OMB, the 24 major agencies identified 438 IT projects as 
high risk, of which 124 had performance shortfalls collectively 
totaling about $6.0 billion in funding requested for fiscal year 2008. 
Table 2 shows that the number of projects, as well as the number of 
projects with shortfalls, increased this year. OMB attributes this rise 
to increased management oversight by agencies. 


This is the date of OMB's most recent Management Watch List update. 


Table 2: High Risk Projects with Performance Shortfalls for Fiscal Years 2007 and 
2008 (associated budget in billions) 

Fiscal years | Total federal IT projects | High risk projects (associated budget) | High risk projects with shortfalls (associated budget) | Percentage of high risk projects shortfalls (percentage of budget) 
2007 | 857 ($64.0) | 226 ($6.4) a | 79 ($2.2) a | 9% (3.4% of total IT budget) 
2008 | 840 ($65.0) | 438 ($14.0) b | 124 ($6.0) b | 15% (9% of total IT budget) 

Source: GAO analysis of OMB data. 

a These number and dollar figures are from September 2006. 
b These number and dollar figures are from June 2007. 


The majority of projects were not reported to have had performance 
shortfalls. In addition, five agencies — the departments of Energy, 
Housing and Urban Development, Labor, and State, and the National 
Science Foundation — reported that none of their high risk projects 
experienced any performance shortfalls. Figure 2 illustrates the 
number of high risk projects by agency as of June 2007, with and 
without shortfalls. 


Figure 2: Number of Agencies High Risk Projects with and without Performance Shortfalls (as of June 2007) 

[Bar chart. Vertical axis: Number of projects. Legend: No performance shortfall; Performance shortfall.] 

Source: GAO analysis of OMB data. 

• The Department of Interior did not provide their June 2007 high risk report to GAO. 

Note: One project can have multiple shortfalls. 

Note: Department of Homeland Security (DHS); Department of Veterans Affairs (VA); Department of Transportation (DOT); U.S. 
Agency for International Development (USAID); Social Security Administration (SSA); General Services Administration (GSA); 
Department of Agriculture (USDA); Small Business Administration (SBA); Department of Defense (DOD); Environmental Protection 
Agency (EPA); Nuclear Regulatory Commission (NRC); Office of Personnel Management (OPM); Department of Health and Human 
Services (HHS); Department of Justice (DOJ); National Aeronautics and Space Administration (NASA); National Science Foundation 
(NSF); Department of Housing and Urban Development (HUD); Department of Energy (DOE); Department of Labor (DOL); Department 
of Interior (DOI). 


Agencies reported cost and schedule variances that exceeded 10 
percent as the greatest shortfall. This is consistent with what they 
reported about a year ago, and the distribution of shortfall types is 
similar to last year. Figure 3 illustrates the reported number and 
type of performance shortfalls associated with high risk projects. 


Figure 3: Reported Performance Shortfalls of 126 Projects (as of June 2007) 

[Bar chart. Vertical axis: Number of projects. Horizontal axis: Type of High Risk List shortfalls (cost and schedule variance within 10%; baseline with clear goals; qualified project manager; avoiding duplication).] 

Source: GAO analysis of OMB data. 


Appendix II identifies the shortfalls associated with each of the 
poorly performing projects. 

Twenty-two high risk projects have experienced performance 
shortfalls for the past four quarters (see figure 4). 


Figure 4: High Risk Projects with Shortfalls in the Last 4 Quarters Sorted by Funding 

[Figure: for each project, the agency, the investment name, the fiscal year 2008 request (in millions), and the quarters in which the project had shortfalls.] 

Investment name | Fiscal year 2008 request (in millions) 
Secure Border Initiative Net Technology Program | 1,000 
Modernize and Innovate the Delivery of Agricultural Systems | 144 
Secure Flight | 53 
Hazmat Threat Assessment Program | 28 
Integrated Financial System/CORE Financial System | 17 
National Emergency Management Information System | 17 
Disaster Management E-Gov | 13 
Regional Data Exchange | 
Homeland Security Presidential Directive 12 | 
Joint Assistance Management System/Procurement System Improvement Project | 10 
ConnectHR | 10 
Business Gateway | 6 
Treasury Foreign Intelligence Network | 3 
Common Information Management System | 2 
Alien Flight Student Program | 2 
E-Authentication | 2 
Registered Traveler | 0 
Patient Financial Services System | 0 

Source: GAO analysis of OMB data. 

Note: Department of Homeland Security (DHS); Department of Agriculture (USDA); Department of Veterans Affairs (VA); Department of 
Justice (DOJ); U.S. Agency for International Development (USAID); Small Business Administration (SBA). 

Of these projects, the following six have had shortfalls since the 
High Risk List was established in September 2005. 

• Department of Homeland Security’s (DHS) Secure Border 
Initiative Net Technology Program, which is expected to provide 
on-scene agents near real-time information on attempted border 
crossings by illegal aliens, terrorists, or smugglers; 

• Department of Agriculture’s (USDA) Modernize and Innovate the 
Delivery of Agricultural Systems, which is intended to modernize 
the delivery of farm program benefits by deploying internet-based 
self-service capabilities for customers, and eliminating the 
department’s reliance on aging technology and service centers as 
the sole means of delivering program benefits; 

• Department of Veterans Affairs’ (VA) VistA Imaging, which 
should provide complete online patient data to health care 
providers, increase clinician productivity, facilitate medical 
decision-making, and improve quality of care; 

• DHS’s Transportation Worker Identification Credentialing, which 
is to establish a system-wide common secure biometric 
credential, used by all transportation modes, for personnel 
requiring unescorted physical and/or logical access to secure 
areas of the transportation system; 

• Department of Justice’s (DOJ) Regional Data Exchange, which is 
expected to combine and share regional investigative information 
and provide powerful tools for analyzing the integrated data sets; 
and 

• VA’s Patient Financial Services System, which is expected to create 
a comprehensive business solution for revenue improvement 
utilizing improved business practices, commercial software, and 
enhanced VA clinical applications. 


Several Projects are Both Poorly Planned and Poorly Performing 

Thirty-three projects are on both the Management Watch List and 
list of high risk projects with shortfalls, meaning that they are both 
poorly planned and poorly performing. They total about $4.1 billion 
in estimated expenditures for fiscal year 2008. These projects are 
listed in table 3 below. 


Table 3: Projects on both the Management Watch List and the High Risk List with 
Shortfalls 

Agency | Investment name | Fiscal year 2008 request (in millions) 
DHS | Secure Border Initiative net Technology Program | 1,000 
DHS | Financial Management Transformation; E-Gov: E-Travel Migr.; FM LoB Migr.; FM LoB Legacy Sys. | 6 
DHS | HR IT; E-Gov: HR LoB Migr.; E-Training Migr.; EHRI Migr.; E-Training Legacy Sys.; HR LoB Legacy Sys. | 17 
DHS | Infrastructure | 1,071 
DHS | National Emergency Management Information System | 17 
DHS | Consolidated Enforcement Environment | 11 
DHS | Rescue 21 | 0 
Education | Budget Formulation and Execution LoB | 
Education | Common Origination and Disbursement | 8 
Education | Common Services for Borrowers | 15 
Education | Data Warehouse | 1 
Education | Education Resources Information Center | 9 
NASA | Integrated Enterprise Management - Core Financial | 22 
NRC | Electronic Information Exchange/E-Authentication Migration | 1 
OPM | E-Training | 0 
Treasury | Chief Counsel | 1 
Treasury | Enterprise IT Infrastructure Optimization Initiative | 1,638 
Treasury | Financial Analysis & Reporting System Applications | 3 
Treasury | Fiscal Management | 0 
Treasury | Integrated Collection System | 9 
Treasury | Integrated Financial System/CORE Financial System | 17 
Treasury | Enterprise Systems | 1 
Treasury | Examinations | 4 
Treasury | Treasury-Wide Enterprise Content Management Services | 6 
USDA | Food and Agriculture Bio-Surveillance Integration System | 
USDA | ConnectHR | 10 
USDA | Modernize and Innovate the Delivery of Agricultural Systems | 144 
VA | Financial & Logistics Integrated Technology Enterprise | 48 
VA | Medical and Prosthetic Research Operations | 24 
VA | My HealtheVet | 17 
VA | Patient Financial Services System | 0 
VA | Learning Management System | 6 
VA | VistA Imaging | 41 

Source: GAO analysis of OMB data. 

Note: Department of Homeland Security (DHS); National Aeronautics and Space Administration (NASA); Nuclear Regulatory 
Commission (NRC); Office of Personnel Management (OPM); Department of Agriculture (USDA); Department of Veterans Affairs (VA). 


OMB Has Taken Steps to Improve the Identification and Oversight 
of Management Watch List and High Risk Projects, but Additional 
Efforts Are Needed 

OMB has taken steps to improve the identification and oversight of 
the Management Watch List and high risk projects by addressing 
some of the recommendations we previously made, but additional 
efforts are needed to more effectively perform these activities and 
ultimately ensure that potentially billions of taxpayer dollars are not 
wasted. Specifically, we previously recommended that OMB take 
action to improve the accuracy and reliability of exhibit 300s and 
application of the high risk projects criteria, and perform 
governmentwide tracking and analysis of Management Watch List 
and high risk project information. While OMB took steps to address 
our concerns, more can be done. 


Exhibit 300s Are Now Reported Publicly but Their Accuracy and Reliability Issues 
Remain 

In January 2006, we noted that the underlying support for 
information provided in the exhibit 300s was often inadequate and 
that, as a result, the Management Watch List may be undermined by 
inaccurate and unreliable data. Specifically, we noted that 

• documentation either did not exist or did not fully agree with 
specific areas of all exhibit 300s; 

• agencies did not always demonstrate that they complied with 
federal or departmental requirements or policies with regard to 
management and reporting processes; for example, no exhibit 300 
had cost analyses that fully complied with OMB requirements for 
cost-benefit and cost-effectiveness analyses; and 

• data for actual costs were unreliable because they were not derived 
from cost-accounting systems with adequate controls; in the 
absence of such systems, agencies generally derived cost 
information from ad hoc processes. 


" GAO-06-260. 
We recommended, among other things, that OMB direct agencies to 
improve the accuracy and reliability of exhibit 300 information. 

To address our recommendation, in June 2006, OMB directed 
agencies to post their exhibit 300s on their website within two 
weeks of the release of the President’s budget request for fiscal year 
2008. While this is a step in the right direction, the accuracy and 
reliability of exhibit 300 information is still a significant weakness 
among the 24 major agencies, as evidenced by a March 2007 
President’s Council on Integrity and Efficiency and Executive 
Council on Integrity and Efficiency study commissioned by OMB to 
ascertain the validity of exhibit 300s. Specifically, according to 
individual agency reports contained within the study, Inspectors 
General found that the documents supporting agencies’ exhibit 300s 
continue to have accuracy and reliability issues. For example, 
according to these reports, the Agency for International 
Development did not maintain the documentation supporting 
exhibit 300s cost figures. In addition, at the Internal Revenue 
Service, the exhibit 300s were unreliable because, among other 
things, project costs were being reported inaccurately and progress 
on projects in development was measured inaccurately. 


High Risk Criteria Are Being Applied More Consistently, but Questions Remain as to 
Whether All Projects Are Identified, Including Projects with Shortfalls 

In June 2006, we noted that OMB did not always consistently apply 
the criteria for identifying high risk projects. For example, we 
identified projects that appeared to meet the criteria but that were 
not designated as high risk. Accordingly, we recommended that 
OMB apply their high risk criteria consistently. OMB has since 
designated as high risk the projects that we identified. Further, OMB 


President’s Council on Integrity and Efficiency and Executive Council on Integrity and 
Efficiency, Fiscal Years 2006 and 2007 Assessments of Federal Agencies’ Exhibit 300s 
(Washington, D.C.: March 2007). 

GAO-06-647. 

officials stated that they have worked with agencies to ensure a 
more consistent application of the high risk criteria. These are 
positive steps, as they result in more projects receiving the 
management attention they deserve. 

However, questions remain as to whether all high risk projects with 
shortfalls are being reported by agencies. For example, we have 
reported in our high risk series that the Department of Defense’s 
efforts to modernize its business systems have been hampered 
because of weaknesses in practices for (1) developing and using an 
enterprise architecture, (2) instituting effective investment 
management processes, and (3) establishing and implementing 
effective systems acquisition processes. We concluded that the 
department remains far from where it needs to be to effectively and 
efficiently manage an undertaking of such size, complexity, and 
significance. Despite these problems, Department of Defense 
(DOD), which accounts for $31 billion of the government’s $65 
billion in IT expenditures, only reported three projects as being high 
risk with shortfalls representing a total of about $1 million. The 
dollar value of DOD’s three projects represents less than one tenth 
of one percent of high risk projects with shortfalls. In light of the 
problems we and others have identified with many of DOD’s 
projects, this appears to be an underestimation. Given the critical 
nature of high risk projects, it is particularly important to identify 
early on those that are performing poorly, before their shortfalls 
become overly costly to address. 

Management Watch List and High Risk Projects Made Public, but Governmentwide 
Analyses Still Not Performed 

Finally, to improve the oversight of the Management Watch List 
projects, we recommended in our April 2005 report that the 
Director of OMB report to Congress on projects’ deficiencies, 


GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.: January 2005); High-Risk 
Series: An Update, GAO-07-310 (Washington, D.C.: January 2007). 

GAO, Information Technology: Improvements Needed to More Accurately Identify and 
Better Oversee Risky Projects Totaling Billions of Dollars, GAO-06-1099T (Washington, 
D.C.: Sept. 7, 2006). 

agencies’ progress in addressing risks of major IT investments, and 
management areas needing attention. In addition, to fully realize the 
potential benefits of using the Management Watch List, we 
recommended that OMB use the list as the basis for selecting 
projects for follow-up, tracking follow-up activities and analyze the 
prioritized list to develop governmentwide and agency assessments 
of the progress and risks of IT investments, identifying opportunities 
for continued improvement. We also made similar recommendations 
to the Director of OMB regarding high risk projects. Specifically, we 
recommended that OMB develop a single aggregate list of high risk 
projects and their deficiencies and use that list to report to Congress 
progress made in correcting high risk problems, actions under way, 
and further actions that may be needed. 

To its credit, OMB started publicly releasing aggregate lists of the 
Management Watch List and high risk projects in September 2006, 
and has been releasing updated versions on a quarterly basis by 
posting them on their website. While this is a positive step, OMB 
does not publish the specific reasons that each project is placed on 
the Management Watch List, nor does it specifically identify why 
high risk projects are poorly performing, as we have done in 
appendix II. Providing this information would allow OMB and others 
to better analyze the reasons projects are poorly planned and 
performing and take corrective actions and track these projects on a 
governmentwide basis. Such information would also help to 
highlight progress made by agencies or projects, identify 
management issues that transcend individual agencies, and highlight 
the root causes of governmentwide issues and trends. Such analysis 
would be valuable to agencies in planning future IT projects, and 
could enable OMB to prioritize follow-up actions and ensure that 
high-priority deficiencies are addressed. 


In summary, the Management Watch List and high risk projects 
processes play important roles in improving the management of 
federal IT investments by helping to identify poorly planned and 
poorly performing projects that require management attention. As of 
June 2007, the 24 major agencies had 227 such projects totaling at 
least $10 billion. OMB has taken steps to improve the identification 
of these projects, including implementing recommendations related 
to improving the accuracy of exhibit 300s and the application of the 
high risk projects criteria. However, the number of projects may be 
understated because issues concerning the accuracy and reliability 
of the budgetary documents the Management Watch List is derived 
from still remain and high risk projects with shortfalls may not be 
consistently identified. 

While OMB can act to further improve the identification and 
oversight of poorly planned and poorly performing projects, we 
recognize that agencies must also take action to fulfill their 
responsibilities in these areas. We have addressed this in previous 
reports and made related recommendations. Until further 
improvements in the identification and oversight of poorly planned 
and poorly performing IT projects, potentially billions in taxpayer 
dollars are at risk of being wasted. 


GAO Contact and Acknowledgements 

Paul, Assistant Director; Neil Doherty; Amos Tevelow; Kevin Walsh 
and Eric Winter. 


Appendix I: Management Watch List Projects 

The following provides additional detail on the investments 
comprising OMB’s Management Watch List as of July 2007. Under 
the Clinger-Cohen Act of 1996, agencies are required to submit 
business plans for IT investments to OMB. If the agency’s 
investment plan contains one or more planning weaknesses, it is 
placed on OMB’s Management Watch List and targeted for follow-up 
action to correct potential problems prior to execution. 

We estimated the fiscal year 2008 request based on the data in the 
Report on IT Spending for Fiscal Years 2006, 2007, and 2008 
(generally referred to as exhibit 53), and data provided by agencies. 


Table 4: Management Watch List Projects by Agency 


Agency 

Investment name 

Fiscal year 2008 request 
(in millions) 

The Corps 

Projet^ Management Information System II 

15 

The Corps 

Resident Management System 

3 

DHS 

Non Intrusive Inspection System Program (Large Scale) 

0* 

DHS 

Non Intrusive Inspection System Program (Small Scale) 

0' 

DHS 

Secure Border Initiative net Technology Program 

1,000 

DHS 

Unmanned Aircraft Systems 

0* 

DHS 

Financial Management Transformation 

6 

DHS 

HR IT 

17 

DHS 

Infrastructure 

1,071 

DHS 

Technical Operations Support 

0 

DHS 

National Emergency Management information System 

17 

DHS 

Flood Map Modernization 

6 

DHS 

Risk Assessment Systems 

6 

DHS 

Integrated Financial Management Information System 

2 

DHS 

Consolidated Enforcement Environment 

11 

DHS 

Computer Network Service Defense Provider 

0 

DHS 

Computer Forensics Laboratory 

0 

DHS 

Integrated Deepwater System 

7 

DHS 

Rescue 21 

0 

DHS 

Central Index System 

3 

DHS 

Immigration - CLAIMS 3.0 

10 

DHS 

Naturalization - CLAIMS 4.0 

16 

DOD 

Defense information System (or Security 

64 
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Agency 

investment name 

Fiscal year 2008 request 
(in millions) 

DOL 

Labor Executive Accountability Program 

12 

DOT 

IT Combined Intrastructure 

233 

Education 

Budget Formulation and Execution Line ot Business 

0 

Education 

Common Origination and Disbursement 

8 

Education 

Common Services for Borrowers 

15 

Education 

Data Warehouse 

1 

Education 

Education Resources information Center 

9 

Education 

Integrated Technical Architecture/ Enterprise Application Integration 

8 

Education 

Migrant Student Information Exchange 

4 

Education 

National Student Loan Data System 

10 

Education 

Student Aid Internet Gateway 

1 

HHS 

IT Infrastructure 

126 

HHS 

Consolidated infrastructure 

102 

HHS 

Commissioned Corps Force Management System 

2 

HHS 

Prototype Nationwide Health Information Network Architectures 

56 

NASA 

Shared Capability Asset Program 

41 

NASA 

Payload Operations and Integration Center 

20 

NASA 

Integrated Collaborative Environment 

21 

NASA 

Earth Observing Sys Data Info Sys 

131 

NASA 

Center for Computational Sciences 

15 

NASA 

Space and Ground Network IT Support 

5 

NASA 

Flight Operations 

79 

NASA 

Integrated Planning System 

14 

NASA 

Mission Control Center 

50 

NASA 

Software Developmenl/lntegration Laboratory 

132 

NASA 

Space Shuttle Program Flight Software 

86 

NASA 

Space Shuttle Program Integration 

13 

NASA 

Space Station Produclion Facility 

7 

NASA 

Shuttle Ground Camera 

2 

NASA 

Shuttle Ground Operations 

51 

NASA 


11 

NASA 

Shuttle Launch Control System 

51 

NASA 

Shuttle Processing Support 

13 

NASA 

Integrated Enterprise Management - Aircraft Management Module 

5 

NASA 

Integrated Enterprise Management - Core Financial 

22 

- NASA 

■ Integrated Enteipfise Management - Integrated Asset Management - Plant Property & 
Equipment Module 

-- 4 

NASA 

Office Automation, IT Infrastructure, and Telecommunications 

547 

NASA 

Deep Space Networi< 

33 

NASA 

Integrated Services Network 

88 

NRC 

Agency-wide Documents Access arid Management System 

12 

NRC 

Budget Formulation Application 

0 
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Agency 

Investment name 

Fiscal year 2008 request 
(in millions) 

NRC | Cost Accounting System | 1
NRC | Digital Data Management System | 0
NRC | Human Resources Management System | 1
NRC | Incident Response System | 4
NRC | Infrastructure Services and Support | 52
NRC | License Fee Billing System | 1
NRC | License Fee Billing System Replacement | 1
NRC | Licensing Support Network | 2
NRC | Licensing Tracking System/Web Based Licensing | 0
NRC | National Source Tracking System | 4
NRC | Reactor Program System | 1
NRC | Secure LAN and Electronic Safe | 5
OPM | E-Training | 0
SBA | Business Development Management Information System | 0
Treasury | Business Master File | 13
Treasury | Chief Counsel | 1
Treasury | Cross Border Funds Transmittal | 3
Treasury | Electronic Fraud Detection System | 12
Treasury | Financial Analysis & Reporting System Applications | 3
Treasury | Fiscal Management | 0
Treasury | Individual Master File | 13
Treasury | Integrated Collection System | 9
Treasury | Integrated Financial System/CORE Financial System | 17
Treasury | Enterprise Systems | 1
Treasury | Examinations | 4
Treasury | Oracle e-Business Suite | 5
Treasury | Tax Return Database | 5
Treasury | TreasuryDirect | 5
Treasury | Treasury-Wide Enterprise Content Management Solution | 6
Treasury | Treasury-wide Integrated IT Infrastructure | 1,638
USDA | ConnectHR | 8
USDA | Consolidated Infrastructure, Office Automation and Telecommunications | 843
USDA | Farm Program Modernization | 151
USDA | Food & Agriculture Bio-Surveillance Integration System | 0
USDA | Human Resources Line of Business; Service Center | 25
VA | Allocation Resource Center | 2
VA | Automated Monument Application System | 1
VA | Benefits Delivery Network Maintenance and Operations | 22
VA | BIRLS/VADS | 3
VA | Burial Operations Support System | 1
VA | C&P Maintenance and Operations | 43
VA | Capital Asset Management System | 2
VA | Data Centric Transition for VR&E and Education | 0
VA | Decision Support System | 20
VA | Document and Correspondence Management System | 1
VA | Education Maintenance and Ops | 3
VA | Enrollment Operations and Maintenance | 5
VA | e-Payroll | 9
VA | Federal Health Information Exchange | 4
VA | Financial & Logistics Integrated Technology Enterprise | 40
VA | Financial Management System | 16
VA | Health Admin Center IT Operations | 11
VA | Health Data Repository | 27
VA | Insurance System Maintenance and Operations | 7
VA | IT Infrastructure | 645
VA | Loan Guaranty Maintenance and Operations | 2
VA | Medical and Prosthetic Research Operations | 24
VA | My HealtheVet | 17
VA | Patient Financial Services System | 0
VA | Payroll/HR Systems | 27
VA | Pharmacy Re-Engineering and IT Support | 13
VA | Program Integrity/Data Management | 13
VA | |
VA | |
VA | The Education Expert System | 5
VA | VA-Learning Management System | 6
VA | VA-Wide e-Travel Solution | 1
VA | VBA Application Migration Project | 5
VA | VistA Imaging | 41
VA | VistA-Application Development | 130
VA | VistA-Legacy | 352
VA | VR&E Maintenance and Operations | 4

Source: GAO analysis of OMB data.

Note: Department of Homeland Security (DHS); Department of Defense (DOD); Department of Energy (DOE); Department of Interior
(DOI); Department of Justice (DOJ); Department of Labor (DOL); Department of Transportation (DOT); Environmental Protection
Agency (EPA); General Services Administration (GSA); Department of Health and Human Services (HHS); Department of Housing and
Urban Development (HUD); National Aeronautics and Space Administration (NASA); Nuclear Regulatory Commission (NRC); National
Science Foundation (NSF); Office of Management and Budget (OMB); Office of Personnel Management (OPM); Small Business
Administration (SBA); Social Security Administration (SSA); U.S. Agency for International Development (USAID); Department of
Agriculture (USDA); Department of Veterans Affairs (VA)

• Our research could not identify dollar amounts for these projects.

Appendix II: High Risk Projects with Shortfalls

The following provides additional detail on the high risk projects 
that have performance shortfalls as of June 2007. 


We estimated the fiscal year 2008 request based on the data in the 
Report on IT Spending for Fiscal Years 2006, 2007, and 2008 
(generally referred to as exhibit 53), and data provided by agencies. 


Table 5: High Risk Projects with Shortfalls by Agency 





Performance shortfalls 


Agency 

Investment name 

Fiscal year 
2008 request 
(in millions) 

Unclear 

baseline 

Cost and 
schedule 
variance not 
within 10% 

Project 
manager not 
qualified 

Project 
duplicative of 
another 

DHS

A&O Homeland Security Information 
Network 

21 

X 

X 



DHS 

CBP Secure Border Initiative net 
Technology Program 

1,000 

X 

X 



DHS 

Financial Management
Transformation; E-Gov: E-Travel
Migr.; FM LoB Migr.; FM LoB
Legacy Sys.

6 

X 

X 

X 


DHS 

HR IT; E-Gov: HR LoB Migr.; E-
Training Migr.; EHRI Migr.; E-
Training Legacy Sys.; HR LoB 
Legacy Sys. 

17 

X 


X 

X 

DHS 

Infrastructure 

1,071 

X 

X 



DHS 

E-Gov E-Authentication; E-Auth.
Migr.; E-Auth. Shared Serv. Prov.

0 

X 

X 

X 

X 

DHS 

E-Gov E-Rulemaking Migr.; E- 
Rulemaking Legacy Sys. 

1 

X 

X 

X 

X 

DHS 

E-Gov FAS Migr.; FAS Sales Ctr.;
FAS Legacy Sys. 

0 

X 

X 

X 

X 

DHS 

E-Gov IAE Migr.

2 

X 

X 

X 

X 

DHS 

National Emergency Management 

17 

X 


X 









DHS 

Consolidated Enforcement 
Environment 

11 

X 

X 



DHS 

NPPD Information Systems Security
Line of Business 

2 

X 

X 

X 


DHS 

NPPD NS/EP Priority Telecommunications
Service

130 

X 




DHS 

Disaster Management E-Gov 

13 

X 

X 

DHS 

SAFECOM 

0 

X 

X 

X 


DHS 

US-VISIT

462 



X 


DHS 

Alien Flight Student Program

2 

X 




DHS 

Crew Vetting 

15 

X 

X 

X 


DHS 

Hazmat Threat Assessment
Program

28 

X 

X 

X 


DHS 

Registered Traveler 

0 

X 

X 



DHS 

Secure Flight 

53 


X 



DHS 

Transportation Worker Identification
Credentialing

36 


X 



DHS 

Nationwide Automatic Identification 
System 

22 


X 



DHS 

Rescue 21 

0 


X 

X 


DHS 

Customer Service Portal

13 

X 

X 

X 

X 

DOC 

FM LoB Migration 

0 

X 

X 

X 

X 

DOD 

Integrated Acquisition Environment
Legacy System (FedTeDS) 

1 



X 


DOD 

Integrated Acquisition Environment 
Shared Service Provider (ORCA) 

0 



X 


DOD

Integrated Acquisition Environment
Shared Service Provider (PPIRS)

0 


X 



DOJ 

Regional Data Exchange 

10 


X 



DOT 

EHRI 

2 



X 


DOT 

E-Rulemaking Migration 

1 

X 




DOT 

FAA Telecommunications 
Infrastructure 

222 


X 



DOT 

Terminal Automation Mod. & Rep.

13 


X 



DOT 

SWIM 

23 

X 




DOT 

Traffic Flow Management

121 


X 



DOT 

Regulation and Certification 
Infrastructure for System Safety 

55 

X 




Education

ADvance (Aid Delivery)

65 


X 



Education 

Advance Development 

28 


X 



Education 

Budget Formulation and Execution 

0 



X 









Education 

Common Origination and 
Disbursement 

8 


X 



Education 

Common Services for Borrowers 

15 


X 



Education 

Data Strategy 

14 


X 



Education 

Data Warehouse

1 


X 



Education 

E-Authentication Migration 

3 

X 

X 

X 

X 

Education 

Education Resources Information 
Center 

9 


X 



Education 

E-GOV: E-Rulemaking Migration

0 

X 




Education 

EHRI 

0 

X 




Education 

ID Access Control System

1 


X 



Education 

Information Assurance 

9 


X 



Education

Integrated Partner Management

8 


X 



EPA 

eRulemaking

1 


X 



EPA 

E-Travel Migration 

0 


X 



EPA 

FM LoB - Migration 

26 


X 



GSA 

CHRIS-EHRI 

7 


X 


X 

GSA 

EHRI Migration 

2 

X 




GSA

FAS Sales Center SSP (PP) 

2 


X 



GSA 

rVl’T'I'lI'l'TII — 




HHHBHi 


GSA 




HE3HHH 

HIHHH 


HHS 

III II lllllllll llllll|l|l — 



IIDHHH 

HHHIH 

■bbbibb 

HHS 

Consolidated Acquisition Solution

8 

X 

X 



NASA 

NASA Integrated Enterprise 
Management - Core Financial

22 


X 



NRC 

Electronic Information Exchange/E- 
Authentication Migration 

t 


X 



NRC 

E-Training (Learning Management 
System) 

0 


X 



NRC 

E-Travel Conversion 

1 


X 



OPM 

E-Training 

0 



X 


OPM

GoLearn 

0 



IIQHHHI 


SBA 

Business Gateway (Managing 
Partner) 

6 



X 


SBA 

Disaster Credit Management 
System 

13 


X 



SBA 

GCBD: Business Development 
Management Information System 

0 


X 



SBA 

OCA: Loan Management and 
Accounting System

9 


X 



SSA 

Disability Service Improvement 

54 


X 



SSA 

E-Travel Migration 

0 


X 



SSA 

GovBenefits Migration 

0 


X 



SSA 

IT Operations Assurance 

30 


X 



SSA 

Telephone Systems Replacement 
Project 

26 


X 



Treasury 

Chief Counsel 

1 


X 

Treasury 

Correspondence Examination 
Automated System 

8 


X 



Treasury 

Debt Management Accounting 
System 

6 


X 



Treasury 

Enterprise IT Infrastructure
Optimization Initiative 

1.638 


X 



Treasury 

Examination Desktop Support 
System 

5 


X 



Treasury 

Excise Files Information Retrieval 
System 

7 


X 



Treasury 

Excise Tax e-File & Compliance

2 


X 



Treasury 

Filing and Payment Compliance 

2 


X 



Treasury 

Financial Analysis & Reporting 
System 

3 


X 



Treasury 

Financial Information and Reporting
Standardization 

7 


X 



Treasury 

Fiscal Management 

0 



X 


Treasury 

Integrated Collection System 

9 


X 



Treasury

Integrated Customer
Communications Environment

18 


X 



Treasury 

Integrated Financial System/CORE 
Financial System 

17 




X 

Treasury 

Integrated Submission and 
Remittance Processing System 

17 


X 



Treasury 

OCC ENTERPRISE SYSTEMS 

1 


X 



Treasury 

OCC EXAMINATIONS 

4 


X 



Treasury 

Payment Application Modernization 

18 


X 



Treasury 

SaBRe 

5 


X 



Treasury 

Service Center Recognition Image 
Processing System 

17 


X 



Treasury 

Travel Reimbursement and 
Accounting System 

1 




X 

Treasury 

Automated Auction Processing 
System 

32 


X 



Treasury 

Foreign Intelligence Network 

3 


X 




Treasury 

Secure Data Network 

4 


X 



Treasury 

Treasury-Wide Enterprise Content
Management Services 

6 


X 

X 


USAID 

E-Authentication 

2 

X 

X 



USAID 

E-Records 

1 


X 



USAID 

E-Travel 

1 


X 



USAID 

GLAS 

0 


X 

USAID 

HR LoB - Legacy System: Time & 
Attendance (replace AETA) 

0 

X 

X 



USAID 

Homeland Security Presidential 
Directive-12 

10 

X 

X 



USAID 

Joint Assistance Management 
System 

0 


X 



USDA 

Corporate Property Automated
Information System 

1 


X 



USDA 

Food and Agriculture Bio- 
Surveillance Integration System

0 


X 



USDA 

ConnectHR

10 




X 

USDA 

Modernize and Innovate the
Delivery of Agricultural Systems

144 

X 

X 

X 


USDA 

RMA-17, Common Information
Management System 

2 

X 

X 



VA 

E-Gov: E-Authentication 

0 

X 

X 

X 


VA 

E-Gov: Financial Management LOB

0 

X 

X 

X 


VA 

E-Gov: Human Resources 
Management LoB 

0 

X 

X 

X 


VA 

Enterprise Human Resources 
Integration 

2 

X 

X 

X 


VA 

Financial & Logistics Integrated
Technology Enterprise 

48 


X 



VA 

Medical and Prosthetic Research 
Operations 

24 

X 

X 

X 


VA 

My HealtheVet 

17 



X 


VA 

Patient Financial Services System 

0 

X 

X 



VA 

Learning Management System 

6 


X 



VA 

VistA Imaging 

41 

X 

X 

X 


VA 

VistA-Foundations Modernization

92 


X 




Source: GAO analysis of OMB data.


Note: Department of Homeland Security (DHS); Department of Defense (DOD); Department of Energy (DOE); Department of Interior
(DOI); Department of Justice (DOJ); Department of Labor (DOL); Department of Transportation (DOT); Environmental Protection
Agency (EPA); General Services Administration (GSA); Department of Health and Human Services (HHS); Department of Housing and
Urban Development (HUD); National Aeronautics and Space Administration (NASA); Nuclear Regulatory Commission (NRC); National
Science Foundation (NSF); Office of Management and Budget (OMB); Office of Personnel Management (OPM); Small Business
Administration (SBA); Social Security Administration (SSA); U.S. Agency for International Development (USAID); Department of
Agriculture (USDA); Department of Veterans Affairs (VA)


(310849) 




Statement for the Record 

Barry C. West 
Chief Information Officer 
U.S. Department of Commerce 

Before the 

United States Senate 

Committee on Homeland Security and Governmental Affairs 
Subcommittee on 

Federal Financial Management, Government Information, Federal Services, and 

International Security 

September 20, 2007 


Chairman Carper, Ranking Member Coburn, and distinguished Members of the
Subcommittee, I appreciate the opportunity to address you on the Department of 
Commerce’s (Commerce) inclusion on the Office of Management and Budget’s (OMB) 
High Risk and Management Watch Lists. 

Commerce has 12 information technology (IT) investments on the Office of Management 
and Budget’s (OMB) High Risk List. Of these, eight represent Commerce’s participation 
in OMB’s E-Government Initiatives or Lines of Business with a migration component or
where Commerce is a shared service provider. These investments were designated by 
OMB as high risk and include E-Travel, E-Rulemaking, E-Authentication, and the 
Financial Management Line of Business. The other four were nominated by Commerce 
because they meet two of OMB’s four high risk criteria: the exceptionally high 
development, operating, or maintenance costs, either in absolute terms or as a percentage 
of the agency's total IT portfolio, and delay or failure would introduce for the first time 
inadequate performance or failure of an essential mission program or function of the 
agency, a component of the agency, or another organization. 

The four investments nominated by Commerce include three components of the 2010 
Decennial Census: Field Data Collection Automation (FDCA), Decennial Response 
Integration System (DRIS), and Master Address File and Topologically Integrated
Geographic Encoding and Referencing (MAF/TIGER). The fourth is the Ground System 
of the National Polar-orbiting Operational Environmental Satellite System (NPOESS). 
These are discussed in more detail later. Another, Advanced Weather Interactive 
Processing System (AWIPS) Linux Migration, was formerly on the list. This project has 
been completed and removed from the list. All meet OMB’s evaluation criteria, i.e., have 
a baseline with clear goals, are within 10 percent of cost and schedule targets, have a 
qualified project manager, and avoid duplication with OMB’s E-Government efforts.

Of Commerce’s 65 major IT investments submitted to OMB in the FY 2008 budget,
OMB placed 49 on its Management Watch List. All have been remediated and are no
longer on the watch list. Of the 49, 29 were taken off the list by December 2006, leaving 
20 on the list; all but one were removed by March 2007; the last was removed in June 
2007. To ensure that Commerce’s senior management understood the importance of the 
Management Watch List and actively supported corrective actions, in March 2007, the 
Chief Information Officer (CIO) briefed the Executive Management Team, Commerce’s 
most senior executives, providing a status update. Also, during the CIO’s weekly update 
to the Deputy Secretary, the most critical IT issues, including Management Watch List 
updates and status were briefed and discussed, and progress tracked.

Corrective actions included completing additional documentation necessary to 
demonstrate adequate planning and investment control, largely in the areas of security 
and privacy. Office of the CIO staff worked diligently with the operating unit capital 
planning points of contact to research and develop additional explanatory material and to 
ensure that responses were consistent across the business cases. One key area was to 
provide specifics on how we manage contractor systems in terms of security. What was 
critical here was to ensure that the response was tailored to each individual investment 
and not a standard response applied globally to a group of investments. Another was to 
come to agreement with OMB on the best way to respond to the privacy questions where 
there was ambiguity. For 13 investments, Commerce completed re-Certification and
Accreditation (C&A) of the investments where the C&A had expired. OMB also 
requested and received confirmation that, where the investment showed funding for 
development, modernization, or enhancement, the investment would not be put into
operation until a new C&A had been completed. For many investments, OMB requested 
background documentation, such as a risk management plan or assessment, operational 
analysis, or earned value management report. In all, Commerce provided over 60
separate supporting files. 

Office of the CIO staff also held several conference calls with OMB and Commerce’s 
investment sponsors to further elaborate on the management of the investments where the 
written material did not fully allay OMB’s concerns. One of these addressed security for 
the hand held computers that will be used for the 2010 Decennial Census. 

Commerce attributes its success to the strength of its information technology (IT) capital 
planning and investment control (CPIC) process, which is discussed below, and to its 
commitment to improve IT security. The CIO frequently briefed the Deputy Secretary as 
well as the Executive Management Team on the status of the completion of C&A 
packages. IT security has been a topic at every CIO Council meeting for the past year, 
with an emphasis again on completing high quality C&A packages and ensuring that our 
C&A process was repeatable and reliable. Operating unit CIOs, supported by their senior 
management, were fully apprised of the importance of the C&A packages and ensured 
that the work was completed as needed in their respective operating units. 

We also appreciate the cooperation of OMB when reviewing Commerce’s IT business 
cases. Though exacting, OMB was open to hearing and understanding our explanations. 

Capital Planning and Investment Control 

Commerce’s CPIC process is built on a foundation of strategic and operational IT 
planning that is integrated with processes for the selection, control, and evaluation of IT 
investments. The OMB’s Circular A-11, Exhibits 300 (Capital Asset Plan and Business
Case Summary) and 53 (Agency IT Investment Portfolio) form the building blocks for IT 
planning, budgeting, and acquisition documentation. 

The process begins with a request from the Department’s Chief Information Officer
(CIO) for operating units to develop strategic IT plans within the context of maturing 
their capital planning and investment control process. Operating units are asked to 
develop strategies to address performance gaps. Capital planning and investment control 
processes based on strategic IT plans are linked with and support operating unit program 
plans developed under requirements of the Government Performance and Results Act 
(GPRA). 

Strategic IT plans provide a framework for discussion and an opportunity for operating 
units to focus on the strategic use of IT resources to improve program delivery. Strategic 
IT plans also lay the groundwork for development of operational IT plans and 
documentation to support budget year IT initiatives. Strategic IT plans establish
overarching, operating unit-wide IT goals, such as the development of architectures, strategic
use of electronic commerce, and development of IT security and privacy strategies. 

Operational IT plans are due in the fall and describe specific operating unit plans for IT 
activities for the coming fiscal year. The operational IT plans are based on OMB
Circular A-11, Exhibit 300. This provides continuity with the budgeting process and a
consistent set of documentation, ensuring that issues such as developing systems within 
the context of an architecture and IT security and privacy are considered on an ongoing 
basis. At the point of the operational IT plans, the Exhibit 300 documentation should be 
well defined, identifying specific schedules, acquisition plans, and performance 
measures. The timing of the operational IT plan is intended to put the focus on the 
coming fiscal year and to promote better coordination and integration with development 
of performance measures required by GPRA. 

Investment Review Process 

Budget Year Initiatives 

The CIO issues a call for IT budget initiatives as well as for documentation on major 
systems in the spring. This IT planning call is directly linked to the Secretary’s budget 
guidance for the upcoming budget year; submissions are due at the same time budget
proposals are due, usually mid-May. The budget proposals, as well as documentation of
major systems, are provided in OMB Circular A-11, Exhibit 300 format. The proposals
are a product of operating unit IT selection processes, reflecting operating unit portfolio 
analysis and operating unit IT review board decisions. 

The Commerce IT Review Board (CITRB) advises the Secretary and Deputy Secretary 
on critical IT matters, ensuring that proposed investments contribute to the Secretary’s 
strategic vision and mission requirements, employ sound IT investment methodologies 
that comply with Departmental systems architectures, and provide the highest return on 
the investment or acceptable project risk. This technical review is then a factor in 
decisions for approval or disapproval of funding for new or base investments as part of 
the Department’s budget review process. Systems selected for review meet one or more 
of the following criteria: systems meriting special attention due to their sensitivity, 
mission criticality, or risk potential; Department-wide systems; systems where resources 
are shared between operating units and/or the Department; and systems with life cycle 
costs over $25 million. 

The CITRB is chaired by the CIO, co-chaired by the Chief Financial Officer and 
Assistant Secretary for Administration (CFO/ASA), and composed of the Director of the 
Office of Budget, the Senior Procurement Executive, the Director for Human Resources, 
the Deputy Chief Financial Officer, the Deputy CIO, and CIOs from the National 
Oceanic and Atmospheric Administration, Census Bureau, National Institute of Standards 
and Technology, and International Trade Administration, and, on a rotating basis, up to 
two other operating unit CIOs. Currently these include the Bureau of Economic Analysis 
and the Bureau of Industry and Security. 

Ratings of the CITRB are based on consensus evaluations on a green-yellow-red scale, 
using decision criteria to determine such factors as alignment to Commerce and operating 
unit high-level performance goals, net risk-adjusted return on investment, project 
management strategies, risk mitigation, security implementation, architectural 
compliance, and overall value of proposed IT projects. Only CITRB members or 
designated alternates from the Department of Commerce may vote, but staff with relevant
expertise participate in the discussions and question the proposal sponsors. Initiatives 
that do not meet the criteria to be reviewed by the Board are reviewed following the same 
process by Office of the CIO staff supplemented by staff from the Office of Acquisition 
Management as well as the Office of Budget. CIO staff also review all Exhibit 300s for 
existing and proposed investments, and provide comments to investment sponsors to help 
improve the quality of these business cases. 

To help focus the CITRB sessions, project managers and sponsors for investments 
selected for CITRB review are required to provide supporting project planning 
documentation, including the Exhibit 300, two weeks prior to the CITRB meeting. Staff 
subject matter experts in IT security, enterprise architecture, project management, earned 
value management, benefit-cost analysis, budgeting, and acquisition review the project 
management material and provide comments to the project manager and sponsor 
providing them an opportunity to explain or resolve gaps in the information provided. 
Remaining technical issues are highlighted for the CIO’s attention prior to the CITRB
meeting. 

Following the meeting, the CIO provides the operating units the investments’ ratings 
along with comments and suggestions for improvements, and an opportunity to improve 
their proposal justifications, where needed. The CIO, in consultation with the CITRB 
members and Office of the CIO staff, reviews the revised proposals and assigns a final 
rating on a green-yellow-red scale, which is then provided to the Office of Budget. Also, 
the CIO or Deputy CIO provides input and commentary as necessary on initiatives with 
an IT component during the Department’s budgetary deliberations. 

Control and Evaluation Reviews 

As part of its charter, the CITRB makes recommendations for continuation or termination
of projects under development at key milestones or when they fail to meet performance, 
cost, or schedule criteria. The Office of the CIO staff review all major systems and make 
recommendations to the CIO regarding those IT investments that should be reviewed by 
the Board. The staff also conduct pre-Board reviews themselves or recommend
pre-Board reviews from external experts, when they perceive a benefit from an independent,
in-depth evaluation. 

The CITRB meets monthly to assess IT investments and to review the performance of
ongoing investments in control and post-implementation reviews. The CITRB review
process follows on the operating unit processes for the control and evaluation of major IT 
investments, which generate documentation for CITRB consideration. For acquisition 
projects of $10 million or greater, once the CITRB approves investment decisions, the 
Acquisition Plan outlining the business approach is reviewed by the Senior Procurement 
Executive. 

The CIO provides formal evaluation memoranda to the project sponsors and requires 
follow-up information and actions with due dates, as needed. The Office of the CIO staff 
track responses to the actions. Further, the operating units provide quarterly earned value 
management and operational analysis reports, which are reviewed by Office of the CIO 
staff. These processes taken together highlight any investments that may need special 
management attention. The CIO briefs the Deputy Secretary on investments that deviate 
from cost, schedule, or performance goals by more than 10 percent or that are in other 
ways troublesome. 

In FY 2007, the CITRB reviewed 12 IT investments, and three operating IT investment 
portfolios requesting 46 follow-up actions. The NPOESS Ground System, one of the 
investments on OMB’s High Risk List, is scheduled for review in October 2007. Due 
primarily to technical difficulties in developing one of the satellite’s major sensors, the 
overall NPOESS project cost, schedule, and requirements were reviewed and revised in 
June 2006. While the NPOESS Ground System had been meeting cost and schedule 
goals, the delay in the satellite launch dates caused the Ground System schedule to be 
revised and rebaselined. 

Additionally, the Commerce IT Review Board identified the Decennial Census IT project 
as needing special oversight due to its size, importance, and high risk. The Census 
Bureau is re-engineering the 2010 Decennial Census to be more efficient and cost
effective, provide richer data, improve coverage, and reduce risk in meeting 
constitutional and legislative mandates. The Census Bureau will continue to exploit the 
use of advanced technology to support process improvements in the 2010 Census. 

Specific attention is being focused on the use of hand held computers through FDCA, one 
of the investments on OMB’s High Risk List, offering a major opportunity to develop 
more efficient data collection/capture processes for the 2010 Census. The first major 
tests of the hand held computers (HHCs) were conducted in 2004 and 2006 using a 
prototype version of the device to assess whether or not the HHCs could be successfully 
used in the field for 2010 Census operations. The overall benefits to Census operations 
were verified and provided a proof of concept of the hand held computers, while pointing 
to technical adjustments needed. 

The modernization of the Census Bureau’s geographic data base and address file 
(MAF/TIGER, also on the High Risk List) is on schedule to be completed prior to the 
start of 2010 Decennial Census operations. This effort realigns boundary and feature data 
in the Census data base with geographic coordinates that can in turn be utilized by 
geographic information systems. Further, the CITRB reviewed the Decennial Response 
Integration System, the third Decennial system on the High Risk List. Based on this 
review, DRIS received CITRB approval to proceed with Phase II of its three-phase 
development. The scope includes all design, development, testing, security, deployment 
and operations support activities to complete the 2010 Census data capture and assistance 
activities. 

While IT for the Decennial Census is the primary focus of the Office of the Chief 
Information Officer in this special oversight of the Decennial Census, associated general 
management issues are of interest to the CFO/ASA. Therefore, the CFO/ASA and the
CIO have been conducting quarterly oversight reviews of this project jointly, addressing 
both general management and IT issues. As a result of these reviews, the overall 
management of the 2010 Census is being monitored along with the management of the IT
support required. Where needed, the Census Bureau is asked to provide clarifying
information, often for the next quarterly review. 

Capital Planning Training 

Over the past several years we have sponsored training, supplemented by one-on-one 
consultations, to address the areas of the Exhibit 300 that cause preparers the most 
difficulty, including performance measurements, alternatives analysis to include return on 
investment, and earned value management. Additionally, we regularly update a set of 
customized, Commerce-specific instructions on how to prepare a high quality business
case and post them to our Web site. The Department’s Office of the CIO also offers
training sessions for beginning and advanced students on use of the eCPIC (electronic
Capital Planning and Investment Control) software to enter, track, and analyze their 
operating unit’s portfolio of IT and non-IT investments. 

Linkages to Other Processes 

Commerce’s capital planning and investment control process is linked to other processes 
within Commerce. The linkage to the budget process has been described above. Linkages 
to other IT processes and to the acquisition process, which directly support the quality of 
the IT investments and their management, are described below. 

Acquisition 

In a cooperative effort with the Office of the CIO and the Office of Budget, Commerce’s 
Office of Acquisition (OAM) uses OMB Circular A-11, Exhibit 300 as the foundation for
documentation required in the acquisition process. An Acquisition Plan supplements the 
Exhibit 300 with additional acquisition information and must be made available to the 
CITRB. The Senior Procurement Executive is a member of the CITRB. These 
procedures fully integrate the acquisition process with the information technology and 
budgeting processes. 

Enterprise Architecture 

The Commerce Enterprise Architecture (EA) has a broad scope. The EA is the union of 
the operating unit architectures and the overarching Department architecture. The 
Department architecture addresses lines of business and services common to all operating 
units. It establishes basic goals and directions, characterizes common systems and 
services, and defines fundamental standards universal to all operating units. This 
approach provides the operating units flexibility in executing their mission specific lines 
of business, while providing greater efficiency and reduced cost for the common lines of 
business. The diverse nature and mission of each operating unit mandates a flexible 
structure, allowing each operating unit to define its mission specific architecture that best 
fits its business requirements. In this way, each operating unit can fulfill its mission 
tasks, and provide the best service to all stakeholders and customers while supporting the 
overall goals of Commerce. 

The Commerce Enterprise Architecture documents results realized from the combined 
capital planning and architecture efforts in reducing redundant systems, reusing existing 
components, and taking advantage of newer technologies to achieve efficiencies. The 
high-level overview describes Commerce’s goals and business needs, and “as is” and “to 
be” architectures along with migration plans, from business, information, application, and 
infrastructure views. This is supplemented by detailed technical and architecture 
information from the operating units in support of the strategic architectural vision. 

Another part of the overall architecture effort is the identification and development of 
segment architectures. Segment architectures are discrete slices of the enterprise that 
provide a product or service. The segment architecture provides detailed results-oriented 
architecture and a transition strategy for a section of the enterprise. 

The Department's Enterprise Architecture Advisory Group, composed of representatives 
from across the Department, developed guidance for the Enterprise Architecture 
Program. This guidance is consistent with the OMB Federal Enterprise Architecture 
Framework and is designed to enhance the integration of the operating unit portions of 
the Enterprise Architecture and provide a consistent picture across all of Commerce. 

With the development of the OMB Federal Enterprise Architecture Assessment 
Framework, as well as the General Accountability Office Architecture Maturity 
Assessment, the Commerce Enterprise Architecture Capability Maturity Model has been 
retired. 

The Enterprise Architecture Review Board is a focused group derived from the Enterprise 
Architecture Advisory Group, which reviews architecture updates and change requests, 
and examines investments that are being reviewed by the CITRB for compliance with the 
Enterprise Architecture. Recommendations are forwarded to the CITRB for 
consideration. 

IT Security and Privacy 

The Department of Commerce places a very high priority on IT security, recognizing that 
an effective IT Security Program is necessary to protect its IT investments and its data. 
The Department has strengthened its focus in two management areas: IT security 
program management and administration, and critical infrastructure protection. 

The IT Security Program Team, supplemented by IT Security Officers in each of the 
operating units, focuses on improving Department-wide IT security program management 
and overseeing Department-wide compliance with IT security requirements. Recent 
efforts to improve the program include focusing on standardizing the processes that lead 
to sound IT system’s certification and accreditation; updating the comprehensive IT 
security program policy and minimum implementation standards to reflect current IT 
investment trends and regulatory requirements, particularly in the area of personally 
identifiable information; ensuring linkage between the IT system inventory and IT 
investments; as well as improving general security awareness training and providing role- 
based training for those with significant IT security roles and responsibilities. In 
addition, the Department continues an IT compliance review program that includes 
testing the management, operational, and technical controls of the Department's IT 
systems. 

The IT Security program is the information assurance foundation ensuring the 
consideration of IT security over the system's life cycle, from inclusion in IT capital asset 
budgeting to system disposal. Details of these efforts are provided in the Department's 
annual report to OMB as required by the Federal Information Security Management Act. 

The Critical Infrastructure Protection program concentrates on securing the Department's 
infrastructure resources that support national essential functions. In addition, the team 
reviews and coordinates the IT aspects of Department-wide continuity of operations 
planning to ensure availability of IT investments that support nationally critical as well as 
Commerce’s mission functions. Partnerships established with the Department of 
Homeland Security and integration with Commerce physical security programs have 
enhanced the quality of the critical infrastructure program. Furthermore, current and 
planned investments in new technology for incident detection and infrastructure 
monitoring will strengthen the Department's IT security posture and enforce the 
information assurance efforts under way by the IT Security Program Team, as described 
above, to protect the Department's IT investment. 

The Department has established a Chief Privacy Officer, who assists in the review of 
Privacy Impact Assessments (PIA) as part of the IT capital planning process and helped 
establish Commerce’s IT Privacy Policy. The Chief Privacy Officer works closely with 
Commerce’s Privacy Act Officer, established under the Privacy Act. Both ensure that 
Commerce’s CIO, who serves as Commerce’s Senior Official for Privacy, is actively 
involved in and informed of privacy issues affecting Commerce. In a testament to 
Commerce’s commitment to privacy, Commerce’s IT Privacy Policy extends privacy 
protections beyond personally identifiable information to business identifiable 
information. 

Recent events have made the protection of personally identifiable information a priority. 
Commerce has moved quickly to establish policies and make available practical 
protections for employees to use in safeguarding personally identifiable information as 
well as other sensitive information. All Commerce Privacy Impact Assessments and 
Privacy Policy Statements are available on Commerce’s Web site. 

Electronic Government 

The Commerce Department continues to expand its already extensive use of electronic 
government to perform its mission better, to enhance support to citizens, businesses, and 
other customers, and to reduce costs. Commerce has long recognized the advantages 
afforded by electronic government to support its responsibilities in delivering scientific, 
technical, and statistical information to the public. Commerce uses the Internet as a 
primary means of disseminating large amounts of data and information as well as 
supporting online transactions. The Department has over 100 different transactions 
available on the Internet. Members of the public can apply for fishing permits, file patent 
and trademark applications, order nautical charts and environmental data, file economic 
census data, register a search and rescue radio beacon, analyze economic and 
demographic data, and read publicly available patent and trademark files — all 
electronically. 

The Office of the CIO ensures that E-Government considerations are given high visibility 
in Commerce’s information technology capital investment and control process. Through 
selection and control reviews by the CITRB, senior Commerce management examines 
initiatives for E-Government possibilities and suggests E-Government alternatives, where 
sensible. 

Project Management 

Commerce recognizes the importance of effective project management to the success of 
IT investments. To ensure that Commerce has skilled, qualified project managers to 
direct its major IT investments, we have launched several initiatives. The first is that IT 
investment sponsors must submit resumes, in a prescribed format, for project managers 
and contracting officers for any new or existing investment that is reviewed by the 
CITRB. This allows Board members and Office of the CIO staff to review the 
qualifications and experience of the project managers and contracting officers and weigh 
these factors in their evaluations of the IT investments. For large investments, the project 
manager must be assigned full time to the investment in question. In concert with CIO 
Council guidance and tailored to Commerce’s IT investments, Commerce formulated 
project manager qualification and certification guidelines and validated all project 
managers of major investments as meeting the CIO Council’s September 2004 Federal IT 
Project Manager Guidance Matrix certification and experience requirements. In 
FY 2007, Office of CIO staff, in concert with staff of the Office of Acquisition 
Management and the Office of Human Resources Management, are developing an 
implementation plan to address the requirements of OMB’s new Federal Acquisition 
Certification for Program and Project Managers. 

Second, Commerce and its constituent operating units offer project management training 
for all project managers who need it. In FY 2004, the Office of the CIO held two nine- 
day sessions, each for 25-30 students and in FY 2005, we trained an additional 
44 students. Beginning in FY 2006, the Commerce Office of Human Resources 
Management developed a project management education and training curriculum and 
trained an initial group of 30 employees. This training program continues, and in 
FY 2007, another 40 students graduated. This training develops knowledge in all 
nine Project Management Body of Knowledge areas and prepares students for Project 
Management Institute certification as a Project Management Professional (PMP®). 

Third, we have embarked on regular, systematic Earned Value Management (EVM) 
analysis of IT investments under development. The intent is to monitor the performance 
of Commerce projects regularly to provide early warning of projects that may not be 
meeting cost, schedule, or performance goals, allowing course correction to bring the 
development effort back on track. The EVM analysis has been supported by focused 
training sessions on EVM techniques and one-on-one consultations. Further, operating 
unit CIOs are required to conduct operational analyses to certify that steady-state 
investments meet cost, schedule, and performance goals and to identify strategic 
opportunities for improvements. These requirements are founded on a formal policy on 
EVM and operational analysis. Commerce tracks EVM for 12 investments. On average, 
the investments are within 3 percent of cost and schedule goals, well under the 10 percent 
tolerance established by OMB. 

In support of all of the above, we have established a central source for project 
management expertise, advice, and guidance, which focuses on four strategic initiatives: 

• Establishment of standards and guidelines for the use of project management best 
practices throughout the Department; 

• Providing project management services and support for select IT projects; 

• Providing DOC program and project managers with technical assistance to ensure 
successful performance in presentations before the Commerce IT Review Board; 
and 

• Mentoring, training, and guiding project teams as they learn and use new project 
management best practices. 

IT Workforce Development 

The IT Workforce Committee of the Federal CIO Council, in partnership with the Office 
of Personnel Management (OPM), conducts a biennial Web-based survey of IT 
employees in the Federal workforce. The survey collects information regarding IT 
employee skills, certifications, and competencies. The data from the survey provides a 
foundation for IT workforce development efforts at Commerce. We are now engaged in 
target setting and gap analysis, making the assessment process more valuable. The Office 
of the CIO has partnered with the Office of Human Resources Management to define a 
cohesive IT workforce development program, using this information as a reference point, 
and submitted an IT Workforce Development Plan to OMB. In addition to the training 
and development activities already underway for project management and IT security, the 
Plan outlines activities to improve skills in enterprise and solutions architecture 
development. We are tracking our progress quarterly against the plan. 

Commerce launched its new Commerce Learning Center (CLC) on June 1, 2007. The 
CLC replaces the GeoLearning Management System and will provide access to online 
training. Throughout the remainder of calendar year 2007, Commerce will phase in the 
system's full functionality including: online training history from the GeoLearning 
Management System; scheduling and tracking of all types of training to meet Office of 
Personnel Management requirements; management of individual professional 
development rosters and reports; distance learning through chat rooms and bulletin 
boards; and more. This project supports the achievement of the President’s Strategic 
Management of Human Capital initiative as well as Expanded Electronic Government. 
The CLC will be particularly useful for role-based IT security training. 

Commerce is actively engaged in outreach programs to attract, recruit, develop, and 
maintain a viable and diverse workforce, responsive to the mission needs of the 
Department and the strategic objectives of our various operating units. The Office of the 
Secretary operates an Executive Leadership Development Program and an Aspiring 
Leaders Development Program for high potential employees. Commerce offers a number 
of intern programs to high school students as well as postsecondary students at both the 
undergraduate and graduate levels. 

Conclusion 

In conclusion, since information technology (IT) expenditures constitute such a large 
portion of the Commerce annual budget (about 20 percent, or $1.7 billion), it is 
imperative that special management attention be given to the Department's proposed and 
continuing IT investments. This is done through the Capital Planning and Investment 
Control process, which continues to be strengthened to provide broader and deeper 
analysis of proposed new IT investments, projects under development, and projects that 
have completed deployment as well as of the overall performance of the portfolio. 

Where the cost, schedule, or performance goals of IT investments are not yet being fully 
achieved, the processes in place have detected the problems and directed corrective 
action. And, for the most significant IT development project that the Department is 
undertaking at this time, the Decennial Census, special reviews and oversight have been 
implemented, identifying opportunities for improvements as needed. The Department of 
Commerce’s inclusion on OMB’s High Risk and Management Watch Lists has helped 
focus some of the discussion, identify specific areas for improvement, and capture senior 
management attention. 

CHIEF INFORMATION OFFICER 
U.S. DEPARTMENT OF TRANSPORTATION 

SUBCOMMITTEE ON FEDERAL FINANCIAL MANAGEMENT 
COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS 
UNITED STATES SENATE 

September 20, 2007 


Chairman Carper, Ranking Member Coburn and other Members of the 
Subcommittee, thank you for the opportunity to appear before you today to discuss issues 
relating to the Department of Transportation’s (DOT) Information Technology (IT) 
programs, specifically those that are included on the Office of Management and Budget 
(OMB) Management Watch List, the OMB High Risk List and the Government 
Accountability Office (GAO) High Risk Series. 

My name is Dan Mintz; I have been the Chief Information Officer (CIO) for the 
DOT since May 1, 2006. In that capacity, my responsibilities include serving as the Vice 
Chair of the DOT Investment Review Board, which oversees all major IT investments for 
the Department. 

I came to the Government from Sun Microsystems. During my years at Sun, I 
managed IT programs similar in magnitude to those being discussed here today and 
understand the need for senior management review and oversight to ensure that all risks 
are properly mitigated. Many of the lessons learned during my time at Sun have helped 
me to more fully appreciate the issues facing DOT IT program managers and what we as 
a Department need to accomplish. 

My testimony will address three IT investments (that are included on the Watch 
List and High Risk Lists) and some general information concerning one of our projects 
designated by GAO as High Risk. I also will share with you progress made regarding IT 
governance activities. Throughout these examples I will point out what I have found has 
worked well and not as well in improving IT performance at the Department. 

OMB’s Management Watch List 

Let me first start with a success story for the Department. As you are aware, 
every year after reviewing each agency’s portfolio, OMB evaluates the business cases for 
each major investment. Some become grouped as those OMB considers as “Well 
Planned and Managed” and the remaining ones are placed on their “Management Watch 
List”. In September 2006, we forwarded 47 business cases associated with our major 
programs to OMB for the Budget Year 2008 submission, and of those, 38 were placed on 
the Management Watch List. OMB’s concerns related to specific aspects of the 
individual investments, including Project Management, Acquisition Strategy, Security 
and Privacy, Risk Management, Alternatives Analysis, Enterprise Architecture, and/or 
Cost and Schedule Performance. Remediation plans were developed for each business 
case and efforts were undertaken to address the concerns. Senior managers within each 
Operating Administration were made aware of the concerns, and became personally 
involved in the resolution of all issues. The Department made steady progress in 
remediation efforts and by March 2007, 90 percent of those programs were remediated. 

As of today, one program remains on the Management Watch List, our Combined 
IT Infrastructure, with program oversight residing within my immediate organization. 
This program is designed to help DOT accomplish economies of scale by better 
understanding the department-wide commitments to IT infrastructure, including the 
investments specific to Operating Administration field offices located throughout the 
country. This investment is a consolidation of 42 other smaller investments. Currently 
for this program to be removed from the Management Watch List, security reporting 
needs to be further refined. I and my staff continue to focus on developing acceptable 
business solutions to more effectively manage this investment. 

OMB High Risk List 

The Department currently has 22 IT projects on the OMB High Risk List, 
including 16 mission related programs and six electronic Government (eGov) 
investments. The current list is the result of negotiations with OMB with the exception of 
the Combined Infrastructure and Consolidated Grants investments which were added due 
to the delay in remediation efforts for Budget Year 2008. These programs are regularly 
briefed to DOT senior managers to address variances. Also, the Department gathers 
detailed information on these programs, and when determined necessary, programs are 
forwarded to the Departmental Investment Review Board for review. My office 
continues to monitor each of these programs on a monthly basis and submits quarterly 
reports to OMB. 

I would like to highlight a number of the programs currently on the OMB High 
Risk List to give you an idea of the issues at hand, as well as the management attention 
being given. We at the Department consider these programs to be a high priority as well 
as high risk. I will address the following programs: the Federal Aviation 
Administration’s (FAA) Telecommunications Infrastructure, Consolidated Grants and 
FAA’s Traffic Flow Management. 

FAA Telecommunications Infrastructure (FTI) 

FTI is the primary means through which the FAA will obtain the 
telecommunications services it requires through the year 2017. Under this program, the 
FAA is replacing eight separate legacy networks with a single, integrated network. FTI 
enables the FAA to reduce the operating costs for its telecommunications enterprise. The 
public will benefit from the FTI program through lower operating costs and support of 
modernization initiatives that will increase the capacity of the U.S. civilian air traffic 
control system and reduce delays. 

This program has had its challenges over the past years; however, I am pleased to 
report that after more involvement at the Departmental level, and continued commitment 
of the program management team, the program is back on track. Through many 
discussions between OMB and senior Departmental staff, this program has been 
restructured. Generally, over the past year this program has seen remarkable 
improvement in meeting cost and schedule goals. There are two major challenges facing 
the FTI program at this point in time: (1) Coordinating the timely disconnect of legacy 
services used by the Department of Defense (DoD); and (2) Designing solutions for 
unique FAA interfaces so that the services can be transitioned to FTI. 

(1) The first challenge is important because the FAA’s ability to decommission 
legacy networks is contingent upon the DoD taking action in a timely manner to 
disconnect legacy circuits after the operational service has been cutover to FTI. The 
FAA is proactively engaging high-ranking DoD officials to obtain their commitment to 
support this effort. A Memorandum of Understanding (MOU) will be established 
between the FAA and DoD to formally document roles and responsibilities. 

(2) The second challenge is important because the FAA’s ability to decommission 
FAA-owned components of legacy networks is dependent upon the transition of all 
services, including those with unique interfaces that are carried on FAA-owned legacy 
networks. As part of the mitigation of this risk, the FTI program has a test bed facility at 
the FAA’s William J. Hughes Technical Center to perform integration testing between 
FTI solutions and the end user systems. In addition, the FTI program has proceeded with 
the transition of leased legacy telecommunications services that support the unique 
interfaces so that the cost savings objectives of the program continue to be met while an 
FTI solution is developed to replace the FAA-owned portion of the legacy service. 

Consolidated Grants 

The Department annually awards approximately $70 billion in grants to promote 
fast, safe, efficient, and convenient transportation for the American people. These grants 
are managed using established processes and procedures which are supported by 
dedicated information systems throughout many of our Operating Administrations. The 
goal of the Consolidated Grants effort is to move DOT towards a more unified approach 
to grants management by integrating and consolidating current systems and processes. 
This program is currently on the OMB High Risk List due to the fact that for Fiscal Year 
2007 we were unable to complete all necessary remediation efforts by June 2007. 

The primary challenge facing the Grants Consolidation effort is balancing the 
benefits from integration and consolidation with the ultimate requirement to successfully 
deliver and manage grants. There are unique challenges associated with the significant 
systems integration and business process re-design, especially since any delay will impact 
the grantees and the associated appropriated funds. Grants management systems are 
unique since they cross numerous functional boundaries including financial management, 
grant program management, appropriations and mission oriented functions. Within DOT, 
the effort is further complicated by a multitude of links to systems from States, localities, 
and other Federal systems. 

The Department is working with OMB to determine the most effective and 
efficient way to process Departmental grants, keeping in mind the recipient 
constituencies and the reimbursable and non-competitive nature of our grant programs. 

In response to this guidance, DOT will be performing a “fit/gap” analysis of the three 
major DOT grants management systems, FAA’s System of Airports Reporting (SOAR), 
the Federal Highway Administration’s Fiscal Management Information System (FMIS), 
and Federal Transit Administration’s Transportation Electronic Award Management 
(TEAM) system relative to the Grants Management Lines of Business Consortium Leads 
and will continue with any associated migration planning. 

FAA Traffic Flow Management (TFM) 

The Traffic Flow Management system is the Nation’s single source for capturing 
and distributing detailed air traffic information to the aviation community for 
coordinating air traffic. When severe weather, congestion and/or outages impact the 
National Airspace System (NAS), TFM provides timely flight data to all stakeholders and 
traffic management specialists to revise flight schedules and minimize system delays. 
Currently this program is within the acceptable 10 percent variance for both cost and 
schedule. 

The greatest challenge confronting this program is maintaining requirement 
stability. Currently, requirement stability will be maintained by freezing the current 
legacy system, monitoring programmatic risks with monthly status meetings, and 
conducting monthly meetings between the modernization personnel and the 
enhancements team. 

GAO High Risk Series 

Transitioning to the GAO High Risk programs, I will address FAA Air Traffic 
Control Modernization which has been designated by the GAO as a high risk program 
since 1995. This modernization effort, which includes the acquisition of new systems 
and facilities, has been and will continue to be a major effort for the Department. The 
FAA is committed to improving processes resulting in better decision making, cost 
savings and achieving results. GAO is tracking FAA’s progress in the following six key 
areas: Acquisition Management, Cost Accounting and Estimation, Enterprise 
Architecture, Investment Management, Human Capital and Deployment. While some of 
the individual projects that make Air Traffic Control Modernization have experienced 
cost overruns, schedule slippages and performance shortfalls in the past, we have seen 
improvements over the last several years, which have been acknowledged by the GAO. 

These improvements have occurred in part due to senior management’s focused 
attention on the modernization effort. Some of the accomplishments to date include: the 
formation of an Executive Management Team and supporting Project Team, development 
of a Project Plan and Measurement scorecard for reporting status and problems, inclusion 
in the FAA Flight Plan, and an objective review of accomplishments and deliverables to 
verify implementation. Risk mitigation efforts continue and we are working to ensure 
that lessons learned are systematically addressed in Agency processes and requirements. 
We will continue to strive for further significant measurable improvements. 

I have been participating in quarterly review meetings with FAA and the GAO 
and can tell you first hand that this effort is making progress and senior managers will 
continue to track the efforts needed to reduce risks associated with air traffic control 
modernization. The GAO has acknowledged that the FAA has a comprehensive, 
corrective action plan in place, which meets their expectations for improvement. We 
understand that the GAO will be looking for full implementation of all planned activities 
and that planned “initiatives have been monitored by the FAA and validated as being 
effective and sustainable”. We appreciate the GAO’s efforts with regard to air traffic 
control modernization and welcome its continued assessment of the FAA’s progress. 

Governance Activities 

Since I started at the Department, I have more fully involved the Operating 
Administration CIOs in all programmatic areas. I want to share another success story 
that relates to the re-shaping of our IT governance processes within the Department 
where we refocused attention on the further development of the CIO Council. The CIO 
Council is comprised of CIOs from all of the Operating Administrations and my staff. 
The Council meets monthly and periodically reviews a number of cross-cutting and other 
proposed IT investments. An enhanced prioritization process was recently introduced so 
that proposed cross-cutting IT investments are reviewed more closely based on the 
mission needs. As a result of these recent changes, high priority IT initiatives will have 
greater focus throughout the Departmental review cycle. Recommendations from the 
CIO Council that involve major investments are forwarded to the DOT Investment 
Review Board for final decisions. We are also seeing evidence of more meaningful 
governance processes being put into place in the Operating Administrations. While we 
have more work to do relating to full implementation, we are on the correct path. 

Over the next few years, the Department will undertake a number of initiatives 
that we strongly believe will both improve ongoing program management and the way 
we are more effectively meeting mission needs overall. 

First, we are in the process of establishing a Department-wide program 
management organization. The organization will establish systematic processes and 
requirements for a consistent approach to program management throughout the 
Department. I have begun activities to establish a Business and Infrastructure 
Transformation team which will focus on internal process improvement, project 
management improvement, and the initiation, oversight, and execution of internal 
Departmental projects. 

Second, we will continue to ensure that those programs identified as High Risk 
and High Priority are reviewed by senior managers as well as the Investment Review 
Board when cost and schedule variances exceed given thresholds (i.e., 10 percent). I 
want to closely track the programs by focusing on trends so that issues can be addressed 
long before thresholds are exceeded. 

Third, I am implementing a plan to effectively address both technical and 
functional performance. We will be creating performance milestones developed with 
more precise indicators tracking program success. In addition, programs will be 
evaluated on a continual basis to assess whether they are routinely meeting their mission 
goals. Part of our plan is to assist program managers in developing these milestones and 
performance indicators. 

Fourth, we are addressing the issue of Earned Value Management. This early 
warning mechanism will further assist program managers in addressing risks. We need 
time to implement fully and successfully Earned Value Management techniques and are 
experiencing some challenges. We find ourselves in a similar situation as most other 
civilian agencies in that we are unable to fully address all of the thirty-two criteria for a 
certified Earned Value Management System. Currently we are trying to adequately 
address the surveillance and financial criteria. At this time, the Department is 
participating in a civilian agency and industry working group to develop a better working 
relationship with our service providers and to ensure that we are all working towards the 
same program management goals. 

Finally, this year we developed an improved ranking of investments across the 
Department to better determine the “health of our investments” and we plan to update the 
results on a quarterly basis. Over time we plan to ensure our ranking process takes into 
account a more complete portfolio and we plan to better prepare our executives to 
understand the value of each investment and ensure they can make informed decisions 
based on business priorities. This insight will improve the investment management 
process overall. 

Summary 

In conclusion, significant progress has been made, and is continuing to be made to 
fully leverage information technology to meet the Department’s mission. I am convinced 
we are making a difference. Significant challenges remain, including the need to 
continue to improve our program management skills, manage project risks and 
continuously monitor program performance so that management can quickly and 
effectively mitigate issues before they become troubled investments. We must continue 
to extend our partnerships with industries to ensure that our transportation programs 
deliver quality products and services to the general public at all times and help ensure 
that we are adopting the proven program management practices found within both the 
public and private sector today. 

Our experience is that when we develop transparent processes, collaborate with 
senior business owners and budget officials, and follow a consistent and robust project 
approach, we are able to keep most of the IT investments off the Management Watch List 
or have them quickly removed. When we do not accomplish one or more of those goals, 
the results are far less positive. 

Because of the importance of transportation to the Nation’s economic well being, 
we receive attention from many sources of oversight, not only including those listed here, 
but the DOT Inspector General’s Office, as well as our own Departmental and Operating 
Administration management. Over the years we have learned to maximize the value of 
their input however challenging their opinion may be. Again, I thank you for the 
opportunity to appear before you and I look forward to answering any questions that you 
may have. 

Mr. Chairman and Members of the Subcommittee, I appreciate the opportunity to appear before you to 
discuss the management of information technology (IT) investments. Like the other Federal agencies 
represented here today, the Department of the Treasury is diligently working to improve the 
management of information technology, especially, those investments considered to be “high risk.” The 
Department has experienced its share of IT challenges in recent years. In response, Secretary Henry 
Paulson made IT management one of his top priorities when he took over the Department last year. As a 
new member of the Secretary’s senior management team, I am fully committed to improving our ability 
to effectively manage our IT investments and receiving value from these investments on behalf of the 
Congress and the American Taxpayer. With your permission, I will summarize my remarks and submit 
my complete written testimony for the record. 

My Personal Background 

I appear before you today as the new Chief Information Officer (CIO) of the Department of the 
Treasury. I began work on September 10th of this year. Prior to joining Treasury, I served at the 
Department of Justice (DOJ) for 15 years, the past 4 as the Deputy CIO for e-Government. 

Strengthening Treasury’s Investment Management Capability through Executive Leadership 

Treasury has an IT portfolio that totals $2.958 billion - about 25 percent of the Department’s budget. Of 
the total, $2.398 billion funds Treasury’s 63 major investments, the remaining $560 million support 222 
“non-major” investments. 

The Department and its bureaus rely significantly on information technology to carry out its extensive 
and varied mission. Our largest investments are at the Internal Revenue Service (IRS), which relies on 
IT to administer its tax programs. The Department also uses IT to support other critical purposes, such 
as analyzing financial intelligence information to combat terrorism. 

Given the importance of Treasury’s IT investments, the Government Accountability Office (GAO) 
reviewed and issued a report on Treasury’s IT management. The July 2007, GAO report found that 
Treasury has established many of the capabilities needed to select, control, and evaluate its IT 
investments. However, GAO also found several significant weaknesses. Due to these findings, GAO 
identified the need for Treasury to implement an executive level review board to oversee IT investments 
through the entire life cycle of the projects. The GAO also recommended that Treasury implement a 
comprehensive process by which to manage all IT investments, irrespective of size, scope or dollar 
value. 

The Department concurred with the GAO recommendations and began to immediately address the key 
issues raised. I strongly support these steps and believe this is a clear indication of the commitment of 
the Department’s leadership to rapidly and comprehensively improve Treasury’s overall management of 
IT. 

As the new CIO, I have taken particular interest in the GAO findings and recommendations. I believe 
regular engagement of our Department and bureau executives and continuous attention to the progress of 
Treasury IT investments are integral to Treasury’s successful planning, implementation and use of IT. 

In the coming months, the Department intends to make several key changes to address its IT 
management issues. Foremost, we will revitalize the Executive Investment Review Board during the 
first quarter of FY 2008. Doing so will bring greater executive involvement in Treasury’s management 
of IT, and will further ensure our IT portfolio decisions are driven by our business requirements and 
strategies. We also intend to better leverage existing management tools and processes that can be used 
to improve investment management capabilities across Treasury. 

Notwithstanding the planned changes I just mentioned, I note that the Department has already taken 
steps to improve Treasury IT management. To ensure that ^ IT investments receive comprehensive 
oversight, the Department began implementing process changes in June 2007 to ensure that “non-major” 
investments are formally selected by the appropriate Treasury Governance Board and reviewed quarterly 
to validate cost, schedule, and performance goals. 

Conclusion 

In summary, the Department has made strides in the past year to improve the management and 
performance of its information technology resources. Work remains to be done. However, these efforts 
- and the actions we have planned to engage executive stakeholders across the Department - will result 
in effective IT management at Treasury. In so doing, Treasury IT programs will provide value-added 
services to the bureaus and offices performing Treasury mission functions, in a manner mindful of the 
taxpayer’s investments in those programs. 

Thank you for the opportunity to participate on this panel. I would be happy to answer any questions 
that you have at this time. 

Good Afternoon Chairman Carper, Ranking Member Coburn, and distinguished Members of the 
Subcommittee, I appreciate the opportunity to address you on the Department of Homeland 
Security (DHS) inclusion on the Office of Management and Budget’s (OMB) High Risk and 
Management Watch Lists. 

DHS has 76 information technology (IT) investments on the Office of Management and 
Budget’s (OMB) High Risk List. Of these, 15 represent DHS’ participation in OMB’s 
E-Government Initiatives or Lines of Business with a migration component or where DHS is a 
shared service provider. These investments were designated by OMB as high risk and include E- 
Travel Migration, Financial Management Line of Business Migration and Legacy System, 
Human Resources Line of Business Migration and Legacy System, E-Training, E-Human 
Resource Integration Migration, E-Training Legacy Systems; E-Authentication Migration and 
Shared Service Provider, E-Rulemaking Migration and Legacy System, Federal Asset Sales 
Migration Sales Center and Legacy System, and Integrated Acquisition Environment Migration. 
Of DHS’ 105 major investments submitted to OMB in the FY 2008 budget, OMB placed 87 on 
its Management Watch List. DHS improved justification for all but 20 from January through 
June 2007. We are managing or remediating issues from these 20, including a range of issues 
relating from cost/schedule, privacy statements - to IT security. 

DHS attributes its success in removing these investments from the Management Watch List to 
the strength of its information technology (IT) capital planning and investment control (CPIC) 
process, which is discussed below, and to its commitment to improve IT security. The Chief 
Information Officer frequently briefed the DHS Management Council on the status of the 
completion of Certification and Accreditation (C&A) packages. IT security has been a topic at 
every Chief Information Officer Council meeting for the past year, with an emphasis again on 
completing high quality C&A packages and ensuring that our C&A process was repeatable and 
reliable. Component Chief Information Officers, supported by their senior management, were 
fully apprised of the importance of the C&A packages and ensured that the work was completed 
as needed in their respective Components. 

Capital Planning and Investment Control 

DHS CPIC process supports effective decision-making and project management of the DHS 
investments in capital assets. The purpose of DHS CPIC process is to formulate, manage, and 
maintain its portfolio of investments as critical assets for achieving success in the DHS mission. 
The DHS CPIC process is guided by Departmental and Component strategic and business 
priorities, and provides a framework for appropriately balancing existing and proposed 
investment options and their support for DHS’ core mission. 

The DHS CPIC process is comprised of four phases: Pre-Select, Select, Control and Evaluate. 
The CPIC phases support the initial conception and development of the investment, the selection 
of the investment from among competing investments, and the monitoring and evaluation of 
investments for acceptable performance and progress against objectives. 

The process begins with a request for Components to develop Resource Allocation Plans (RAP) 
that describe the Components’ IT priorities of all their Investments. After review and analysis, 
DHS prioritizes the investments and decides which investments will be included in its portfolios. 
DHS then evaluates, scores, and selects investments for inclusion in the budget request for the 
budget year under consideration, selecting investments that best support the mission. The 
process targets technically and financially sound projects aligned with the President’s 
Management Agenda (PMA) and DHS business priorities. Final budget determinations are 
documented in the form of Resource Allocation Decisions (RAD). 

The RAD decisions drive the development of OMB Exhibits 300 and 53. At the end of the select 
phase, the Department has a scored and ranked list of Exhibits 300 for all major investments and 
an Exhibit 53 for all level 1 through 4 IT investments. 

The Control phase ensures that each project is performing within acceptable cost, schedule, and 
performance parameters and that it is subject to continual assessment and mitigation of potential 
risks. Project managers must monitor and control the expenditure of funds to ensure that the 
project delivers the promised capability in accordance with the approved cost, schedule, and 
performance baseline. Through timely oversight, quality control, and executive review, the 
Department manages its investments in a disciplined and consistent manner that promotes the 
delivery of quality products and results in investments completed within scope, on time, and 
within budget. 

Existing government regulations require Federal Agencies to establish a regular review process 
for their investments as part of its CPIC process. To comply with these regulations, DHS has 
established a Periodic Reporting Process. DHS projects use EVM (for development, 
modernization, or enhancement) or Operational Analysis (for steady state) to manage for risk 
reduction and increased performance. DHS distributes guidance documents on Periodic 
Reporting (PR), Earned Value Management (EVM), and Operational Analysis (OA) throughout 
the Department, and provides associated training courses to DHS personnel. DHS’ PR, EVM, 
and OA processes have significantly improved DHS’ ability to track and report on investment 
cost, schedule, and performance variances. The analysis from these processes has been provided 
to DHS management (most notably DHS’ newly identified IT portfolio managers), OMB, and 
GAO since FY06 Q1. Finally, DHS is currently deploying a business intelligence tool that will 
allow DHS management to view trends of quarterly Periodic Reporting information that will 
influence DHS’ management intervention. Data elements required to be reported include but are 
not limited to: 

• Acquisition Program Baseline information including dates, approval authority, Independent 
Validation and Verification (IV&V) information 

• EVM data including cost, schedule, and performance status and variance explanations 

• ANSI compliance assessment standard 748 verification regarding EVMS 

• DHS PM level of certification 

• Explanation of “Avoidance of Duplication” where the program is using DHS enterprise level 
investments or e-Gov initiatives to deliver program capability 

• Corrective action plans for variance from cost, schedule or performance based on DHS EVM 
and Operational Analysis Guidance 

Investment Review Process 

The DHS Investment Review Process (IRP) has two distinct objectives: 

• Oversight of investments throughout their life cycle through programmatic reviews; 

• Portfolio management to achieve strategic goals and objectives and to preclude duplication of 
effort. Portfolio reviews will be at a much higher and broader level and will look at strategic 
gaps, among other things, at the functional-portfolio level. 

Reviews are tailored to the needs of the project — its acquisition lifecycle, its duration, its 
strategic importance, and its risk and complexity — so that during its planning phases, the project 
is aware of potential duplication of effort and of other projects in its functional portfolio that may 
impact its success. These initial discussions may be several years before funding is available for 
the work but are important for the Component to understand the ramifications of making specific 
investment decisions. 

The goals of the IRP are to: 

• Ensure proper management, oversight, control, reporting, and review for all investments. 
Reviews are tailored based upon the risk, complexity, and acquisition nature of the 
investment projects. 

• Ensure that investment spending directly supports and furthers DHS’ mission(s) and provides 
optimal benefits and capabilities to stakeholders and customers. 

• Integrate CPIC, resource allocation, budgeting, acquisition, and management of all 
investments to ensure public resources are wisely invested and the requirements of the 
authorities listed below are achieved. 

• Identify poorly performing investments — ones that are behind schedule, over budget, or 
lacking in capability — so Department executives and project managers can identify and 
implement corrective actions. 

• Allow the Department to understand the strategic gaps in the DHS mission and to manage the 
overall portfolio to fill those gaps in the most effective manner. 

The IRP supports the Future Years Homeland Security Program (FYHSP) through the validation 
of requirements for funding and the joint use and review of goals and objectives. The IRP also 
encompasses the periodic reviews of the Acquisition Program Baseline (APB) and of the data 
provided by project Earned Value Management Systems (EVMS) and is meant to inform both 
DHS executives and project managers of the performance of investments. The IRP will provide 
continual oversight of the Department’s investment portfolio and its functional segments to 
ensure that DHS is meeting its objectives in a cost-effective manner. 

Other IT Governance Support 

Portfolio Management 

The DHS Chief Information Officer has implemented the IT Portfolio Management framework 
to ensure that cross-departmental IT capabilities support the DHS mission and management 
objectives. Portfolio Management allows DHS to analyze IT investments and assets across 
organizational boundaries and align IT planning and budgeting with acquisition activities and the 
enterprise architecture. The DHS Chief Information Officer is developing portfolio coalitions 
which include representatives from departmental investment managers, portfolio managers and 
IT personnel to establish enterprise target architectures, transition plans and performance 
measures that will ensure alignment of IT resources to departmental objectives. This enhanced 
governance structure will significantly improve visibility into all IT, eliminate duplicative 
investments and provide senior leadership with a reliable IT decision-making framework. 

Portfolio Management stresses analysis of each Investment within the broader context of how it 
fits into the relevant portfolio. Analysis is conducted to place investments in each portfolio in a 
“Value-Risk” quad chart that categorizes the investment as: 

1. Consolidate/Divest - Low value, high risk 

2. Maximize ROI before divesting - Low value, low risk 

3. Evolutionary, improve incrementally - High value, low risk 

4. Transformational - High value, high risk 

In portfolios where the target architecture has been defined, the IT Portfolio Management 
Process is used to assist the DHS Chief Information Officer in choosing which investments 
should be utilized as part of the enterprise architecture transition plan, and which investments 
should be curtailed in favor of those that exhibit best performance. 

Analyses performed and recommendations made in the IT Portfolio Management Process are 
used to inform DHS Chief Information Officer’s decisions and are input into Investment Review 
Process discussions. Also, the IT Portfolio Managers will provide subject matter expert support 
to the DHS Investment Review Board. 

Enterprise Architecture 

Enterprise Architecture (EA) is a management strategy for achieving organizational performance 
improvement and managing change. The EA Plan is derived, in part, from an organization’s 
strategic plan and is used to align IT resources with the organization’s mission, vision, goals, and 
objectives. Tying IT acquisition to the strategic direction and business needs of an organization 
improves efficiency, reduces redundancy, and frees up resources to be applied to other priorities. 

The DHS Enterprise Architecture documents the results realized from the combined capital 
planning and architecture efforts in reducing redundant systems, reusing existing components, 
and taking advantage of newer technologies to achieve efficiencies. The high-level overview 
describes DHS’ goals and business needs, and “as is” and “to be” architectures along with 
migration plans, from business, information, application, and infrastructure views. 

Another part of the overall architecture effort is the identification and development of segment 
architectures, discrete slices of the enterprise that provides a product or service. The segment 
architecture provides detailed results-oriented architecture and a transition strategy for a section 
of the enterprise. 

The Department’s Enterprise Architecture Board (EAB), composed of representatives from 
across the Department, develop guidance for the Enterprise Architecture Program. This 
guidance is consistent with the OMB Federal Enterprise Architecture Framework and is designed 
to enhance the integration of the Component portions of the Enterprise Architecture and provide 
a consistent picture across all of DHS. 

IT Security and Privacy 

DHS implemented a tool to document the complete inventory of its systems and their security 
status. Additionally, DHS implemented security policy and guidance that requires Components 
to perform key program activities such as developing risk assessments, preparing security plans, 
testing and evaluating the effectiveness of security controls, completing remedial action plans, 
and developing and testing continuity of operations plans. DHS monitors the C&A status of all 
systems, both in development and operations, to ensure compliance with DHS policy. 

The Department has also established a Chief Privacy Officer, who assists in the review of 
Privacy Impact Assessments (PIA) as part of the IT capital planning process and established 
DHS’ Privacy Policy. 

IT Acquisition Review 

In December 2006, DHS implemented an IT acquisition review (ITAR) process. The ITAR 
process supports the DHS Chief Information Officer’s review and approval of all IT acquisitions 
of $2.5M or more. IT acquisitions are defined as services for IT, software, hardware, 
communications, and infrastructure. The purpose of ITAR is to improve the alignment of IT 
purchases to the DHS mission and target architecture. 

The ITAR process has improved IT investment management by providing visibility into actual 
IT purchases and providing the Office of the Chief Information Officer (CIO) an opportunity to 
identify duplicative investments and take corrective action. Over the first six months of its 
implementation, the ITAR process reviewed approximately $1.8B, which represents 
approximately 53% of the IT budget identified in the FY07 Exhibit 53. 

Project Management 

To ensure that DHS has skilled, qualified project managers to direct its major IT investments, we 
have launched several initiatives. The first is that IT investment sponsors must submit resumes, 
in a prescribed format, for project managers and contracting officers for any new or existing 
investment that is reviewed by the Investment Review Process. A full time project manager is 
assigned to large investments. 

DHS has embarked on regular, systematic Earned Value Management (EVM) analysis of IT 
investments under development. The intent is to monitor the performance of DHS projects 
regularly to provide early warning of projects that may not be meeting cost, schedule, or 
performance goals, allowing course correction to bring the development effort back on track. 

The EVM analysis has been supported by focused training sessions on EVM techniques and one- 
on-one consultations. Further, Component Chief Information Officers are required to conduct 
operational analyses to certify that steady-state investments meet cost, schedule, and 
performance goals and to identify strategic opportunities for improvements. These requirements 
are founded on a formal policy on EVM and operational analysis. 

Conclusion 

IT investments constitute approximately $5.0 billion of the DHS annual budget, and it is 
imperative that DHS give special management attention to the Department’s proposed and 
continuing IT investments. This is accomplished through the CPIC process, which provides a 
comprehensive analysis of proposed IT investments, projects under development, and projects 
that have completed deployment; as well as of the overall performance of the portfolio. Where 
the cost, schedule, or performance goals of IT investments are not yet fully achieved, the 
processes in place will detect problems and direct corrective action. 

Mr. Paul A. Brinkley 
Deputy Under Secretary of Defense 
for Business Transformation 

Chairman Carper, Senator Coburn, Members of the Subcommittee, thank you for this 
opportunity to provide information on the progress and direction of Defense Business 
Transformation. 

Our Nation faces diverse challenges and greater uncertainty about the future global 
security environment than ever before. The Department’s mission requires that its 
business operations adapt to meet these challenges and react with precision and speed to 
support our Armed Forces. The Department is currently engaged in a massive effort to 
transform the way it does business and fulfill its commitment to the American people to 
deliver enhanced defense business capabilities effectively and efficiently. 

Over the past few years, DoD has built the foundation for improving and modernizing its 
business operations by engaging its leadership through the establishment of the Defense 
Business System Management Committee (DBSMC) and Investment Review Board 
(IRB) structure, standing up the Business Transformation Agency (BTA), developing the 
Business Enterprise Architecture (BEA) and its associated Federation Strategy, adopting 
Continuous Process Improvement principles and implementing Lean Six Sigma 
methodologies, and by issuing the Enterprise Transition Plan (ETP). More broadly, the 
Department has focused on five key areas, which together, are critical to the successful 
execution of our business transformation endeavor: Strategy, Process, Culture, 
Information, and Technology. We have made significant progress in this effort, and I 
would like to take this opportunity to review with you our major successes and recent 
accomplishments. 

Defense Business Systems Management Committee (DBSMC) 

Since its inception in 2005, the DBSMC, in concert with the IRB, has served as the 
governance structure that guides the transformation activities of the business areas of the 
Department, such as finance, logistics, etc. As authorized by the FY05 National Defense 
Authorization Act and reiterated in the DBSMC Charter, the DBSMC has responsibility for 
approving: the business systems IT modernizations over $1M, the Business Enterprise 
Architecture (BEA), and the Enterprise Transition Plan (ETP). This gives the DBSMC 
oversight and control of the BMA’s enabler to transformation - material solutions. 

Additionally, the DBSMC Charter extends the authority of the DBSMC beyond statutory 
requirements to include responsibility for ensuring that the strategic direction of the 
Department’s business operations are aligned with the rest of DoD and for measuring and 
reporting the progress of the BMA’s transformation. The DBSMC has also been an integral 
driving force behind the Department’s adoption of Continuous Process Improvement (CPI) 
/ Lean Six Sigma (LSS) methodology and the Department’s shared focus on Enterprise 
Resource Planning (ERP) strategy. The DBSMC has provided invaluable top level direction 
for the business transformation efforts of the Department. 

Investment Review Process 

The DBSMC/IRB investment review process provides a framework for effective 
investment decision-making that ensures alignment with the BEA standards and focuses on 
the needs and priorities of the Warfighter. 

The DBSMC has overseen the development and implementation of the Business Capability 
Lifecycle (BCL), which, when fully implemented, will serve as the acquisition process for 
all Major Automated Information Systems (MAIS) level systems. The BCL will help 
resolve long-standing challenges that have impacted the delivery of business capabilities in 
a timely, well-informed manner - fragmented governance and reporting, a need for 
better-defined requirements and more robust upfront solution analysis, and a need for continual 
access to comprehensive information to enhance visibility for all process stakeholders. 
Under BCL process rules, initial operational capability of a program must be reached within 
12-18 months of the contract award or the business case will not be approved. 

The DBSMC/IRB governance structure has produced significant improvement across a 
broad range of business systems, including two major enterprise-level programs - the 
Defense Travel System (DTS) and the Defense Integrated Military Human Resources 
System (DIMHRS). Based in large part on the significant upgrade performed this year to 
the reservation module within DTS, usage of the tool has increased dramatically. This year, 
there has been a -75% increase in vouchers processed on a monthly basis over last year. The 
next phase of the program will add additional types of travel to the tool’s capability, which 
will further increase usage. We are also preparing to make the use of DTS mandatory for all 
trip types that the tool has the capability to handle. Finally, we will align DTS with the 
government-wide travel system, e-Travel, to capture government-wide travel data that can 
then be used to make more effective strategic sourcing decisions. Under the direct 
leadership of the DBSMC, the DIMHRS program has achieved effective governance to 
keep the program on track for initial operating capability for the Army by October, 2008. 

Business Enterprise Architecture (BEA) 

The BEA has allowed us to establish clear benchmarks for the alignment of business 
systems to the Department’s future business environment. It has also allowed us to make 
important and measurable progress, as acknowledged by recent Government Accountability 
Office (GAO) reports. 

As we continue to evolve the BEA, a key objective is to produce an architecture that can be 
harnessed as an executive decision-making mechanism while simultaneously supporting the 
implementation of information technology systems and services. The recently released 
Concept of Operations for Business Enterprise Architecture (BEA) Requirements addresses 
this objective by 1) outlining a further maturation of the Department’s architecture 
development approach that addresses both top-down strategic requirements and bottom-up 
tactical requirements, and 2) expanding the governance process to encourage users and 
stakeholders to shape architecture form and content. This approach is already drawing from 
new sources of requirements, better evaluating the priority of requirements, and providing 
improved governance for the BEA development cycle. 

When BEA 5.0 is released in March 2008, it will help achieve interoperable, efficient, 
transparent business operations by including and integrating data standards, required 
business rules and system interface requirements for the enterprise systems and ERP target 
programs. Including this information also supports alignment to and implementation of the 
direction of the BMA Federation Strategy and Roadmap. 

Continuous Process Improvement (CPI) / Lean Six Sigma (LSS) 

Lean Six Sigma (LSS) is an important part of the Department’s Continuous Process 
Improvement (CPI) effort. A disciplined improvement methodology, LSS has been 
endorsed by DoD leadership as the means by which the Department will become more 
efficient in its operations and more effective in its support of the warfighter. By focusing on 
becoming a “lean” organization, the DoD will eliminate waste, improve quality and put its 
resources and capital to the best use in meeting the goals in the Enterprise Transition Plan. 
On April 30, 2007, the Deputy Secretary of Defense instructed the Office of the Deputy 
Under Secretary of Defense-Business Transformation to create a DoD CPI/LSS Program 
Office to drive DoD-wide CPI/LSS activities. Current activities include working with the 
Defense Acquisition University to create a Green Belt and Black Belt training infrastructure, 
tracking training and project metrics from all OSD and Component organizations, and 
selected DoD-wide projects. 

One of the most ambitious process improvement projects that has been undertaken to date is 
an end-to-end reform of the government-wide security clearance process. DoD is working 
in close cooperation with the Director of National Intelligence and the Office of 
Management and Budget on this effort. The interagency team has been charged with 
creating a new clearance process that is fair, flexible and adaptive, managed and highly 
automated end-to-end, reciprocal, and delivering timely, high-assurance security clearances 
at the lowest reasonable cost by December, 2008. The team has completed the first phase of 
its work. 

Enterprise Transition Plan (ETP) 

The ETP reflects the strategic and tactical partnership between the Enterprise- and 
Component-levels by providing a big picture view of defense business transformation 
efforts at every level within the business mission area. In a little over a week, we will 
release an updated ETP. As we committed to Congress, we have updated this plan every 
six months since its initial delivery in September 2005. With the publication of the ETP the 
Department, for the first time, provided its internal and external stakeholders a 
comprehensive view of the systems and initiatives that will transform the largest business 
entity in the world. The plan continues to mature and communicates our transformation 
plans, and provides senior management with a tool for monitoring progress against those 
plans. All significant milestones in the ETP are shown in 6, 12, and 18 month increments. 
For example, our most recent publication reflected success on over 83% of the Enterprise 
milestones detailed in the first version of the ETP. The ETP has also been expanded to 
include the progress of the Department’s CPI/LSS efforts. 

Accountability 

While the DBSMC/IRB governance structure provides direction and oversight at the 
Enterprise-level, with participation from the Components, we would be remiss if we failed 
to acknowledge the dedication and commitment the Components have demonstrated in their 
own transformation. In partnership with the Components, the Department has taken major 
strides in business transformation by using the strategic concept of tiered accountability. 
Tiered accountability requires each tier in the DoD organizational structure, Component or 
Enterprise, to focus on those requirements specific to their tier and leave the responsibility 
and accountability for other elements to the appropriate tier. Tiered accountability in the 
Department encompasses the broad area of policy setting; the detailed establishment of 
process and data standards; as well as the ultimate execution of business operations. 

Business Transformation Agency Agile and Accountable Workforce 

True transformation requires visionary leaders and an agile, collaborative and accountable 
workforce that embraces change and achieves results. In the span of less than two years, 
the BTA has gained a significant robust and organic capability to manage and oversee the 
Department’s transformation efforts. In February 2006, the first permanent BTA Director 
was selected, providing a constancy of leadership and a focus for Enterprise wide decision 
making across the Department. And, using the Congressional special hiring authority for 
highly qualified experts (HQEs), BTA has created a complementary workforce composed 
of career civilians, term-appointed civilians, military members and contractors who have 
collectively contributed to our continuing progress in assuring standardization and 
mitigating the risk associated with large business systems implementations across the DoD. 
We appreciate Congress’ recognition of the need to develop a multi-dimensional workforce 
and the continued support for hiring HQEs as an integral part of maintaining transformation 
momentum. 

Working Relationship with the Government Accountability Office (GAO) and the 
Office of Management and Budget (OMB) 

DoD regularly and proactively engages with GAO and OMB to communicate its progress 
and achievements in defense business transformation. GAO has acknowledged the 
Department’s progress in several reports over the past two years and both organizations 
continue to be constructive partners in our overall transformation efforts. GAO’s May 
report, entitled “DOD Business Systems Modernization: Progress Continues to Be Made 
in Establishing Corporate Management Controls but Further Steps are Needed” (GAO- 
07-733) was the most positive NDAA Compliance report the Department has received to 
date, and contained a single new recommendation and officially closed 10 others. GAO 
stated the following: 

Given the demonstrated commitment of DOD leadership to 
improving its business systems modernization efforts and its recent 
responsiveness to our prior recommendations, we are optimistic 
concerning the likelihood that the department will continue to make 
progress on these fronts. 

The Department has also been in regular dialogue with OMB regarding a number of 
transformation initiatives. In both the effort to align DTS and e-Travel and the initiative 
to reform the Security Clearance process, described previously in this testimony, DoD 
and OMB are working closely together to bring increased capabilities to the entire 
Federal government. In other cases, OMB is helping DoD leverage lessons learned from 
similar initiatives across the Federal space. 

We continue to welcome GAO and OMB’s insight, as well as that of all our government 
partners, as we work together to accomplish our transformation priorities and achieve our 
shared goals. 

Conclusion 

We are pleased that we are showing progress in our business transformation efforts and 
that this progress has been recognized by our oversight bodies. However, aligning the 
strategy, controls, people, processes, and technology to truly effect enterprise-wide 
change in an organization as large and complex as the Department of Defense is an 
enormous undertaking, which has also been recognized by GAO and OMB. The 
challenges that business transformation faces should not be underestimated. We believe 
though, that our persistent focus on accelerating the pace of change will enable continued 
progress. 

The Department is well aware that business transformation is a marathon and not a sprint. 
Following this course, the Department has made steady and significant progress, 
achieving tangible results that are yielding positive outcomes in business operations. 

We appreciate and value the support of Congress over the last several years as we have 
established new governance and discipline in our business transformation efforts. We are 
anxious to demonstrate that this support will reap benefits for both the taxpayers who 
fund our efforts and for the Warfighters who defend this nation. Mr. Chairman, we 
thank you and the members of the subcommittee for your continued support. 